WordPress < 5.4.2 - Open Redirection

Description
Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().

Affects WordPresses

fixed in version 5.4.2
fixed in version 5.3.4
fixed in version 5.2.7
fixed in version 5.1.6
fixed in version 5.0.10
fixed in version 4.9.15
fixed in version 4.8.14
fixed in version 4.7.18
fixed in version 4.6.19
fixed in version 4.5.22
fixed in version 4.4.23
fixed in version 4.3.24
fixed in version 4.2.28
fixed in version 4.1.31
fixed in version 4.0.31
fixed in version 3.9.32
fixed in version 3.8.34
fixed in version 3.7.34

References

CVE CVE-2020-4048
URL https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
URL https://github.com/WordPress/WordPress/commit/10e2a50c523cf0b9785555a688d7d36a40fbeccf
URL https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Ben Bidner
Views 2379
Verified No
WPVDB ID 10265

Timeline

Publicly Published 2020-06-11
Added 2020-06-11
Last Updated 2020-06-13
