WordPress <=4.9.4 - Use Safe Redirect for Login

Software: WordPress
Versions: <=4.9.4
Disclosure date: 2018-04-05
CVE: CVE-N/A
Credits:
Classification: Open Redirection
OWASP Top 10: A10: Unvalidated Redirects and Forwards

Details

In WordPress versions 3.7-4.9.4, the login page redirect that is issued when SSL is forced does not use a safe redirect, which makes it an open redirection issue.
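
What a safe redirect means for a forced-SSL login redirect, as an added example that is not part of the original advisory and is not WordPress core code: the target is checked against an allowlist of hosts and replaced by a fixed fallback when it does not match. The function names, the sample hosts and the assumption that the HTTPS target is assembled from request-supplied values are all illustrative.

```php
<?php
// Added illustration, not WordPress core code; all function names are hypothetical.

/** Return $location if it is a local path or targets an allowed host, else $fallback. */
function example_validate_redirect(string $location, array $allowedHosts, string $fallback): string
{
    // Control characters could split the Location header.
    if (preg_match('/[\x00-\x1f\x7f]/', $location)) {
        return $fallback;
    }
    // Browsers treat "\" like "/", and "//host" is scheme-relative.
    $normalized = str_replace('\\', '/', trim($location));
    if (strpos($normalized, '//') === 0) {
        $normalized = 'https:' . $normalized;
    }
    $parts = parse_url($normalized);
    if ($parts === false) {
        return $fallback;
    }
    // A path-only location stays on the current site.
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        return strpos($normalized, '/') === 0 ? $normalized : $fallback;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || !in_array($host, $allowedHosts, true)) {
        return $fallback;
    }
    return $normalized;
}

/** Assumption: the forced-SSL target is assembled from request-supplied values. */
function example_login_https_redirect(array $server, array $allowedHosts, string $fallback): string
{
    $candidate = 'https://' . ($server['HTTP_HOST'] ?? '') . ($server['REQUEST_URI'] ?? '/');
    return example_validate_redirect($candidate, $allowedHosts, $fallback);
}

// Constructed sample requests (not taken from the advisory).
$allowed  = ['blog.example.com'];
$fallback = 'https://blog.example.com/wp-login.php';
$requests = [
    ['HTTP_HOST' => 'blog.example.com',    'REQUEST_URI' => '/wp-login.php?action=lostpassword'],
    ['HTTP_HOST' => 'unknown.example.net', 'REQUEST_URI' => '/wp-login.php'],
];
foreach ($requests as $r) {
    echo $r['HTTP_HOST'], ' => ', example_login_https_redirect($r, $allowed, $fallback), PHP_EOL;
}
```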

Solution

Update WordPress to the latest available version (at least 4.9.5).
