WordPress <=3.6 - URL Redirect Restriction Bypass

wordpress

Software
WordPress
Versions
<=3.6, 3.1
Disclosure date
2013-10-14
CVE
CVE-N/A
References
Credits
Classification
Bypass Vulnerability
OWASP Top 10

Are your websites subject to this vulnerability?

Details

WordPress version 3.6 is affected by a URL redirect restriction bypass vulnerability. It allows an attacker to craft a URL by clicking, that the victim would be taken to a site of the attacker's choice via the Location: tag in a 302 Redirect.

Solution

Upgrade to version 3.6.1.

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.