CVE-2020-4048

CVSS v3 Score: 5.7 (Medium)
CVSS v2 Score: 4.9 (Medium)

Vulnerability Description

In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

CVSS:5.7(Medium)

Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

CVSS:5.8(Medium)

A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.

CVSS:5.5(Medium)

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credent...

CVSS:5.9(Medium)

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowi...

CVSS:5.9(Medium)

Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4.

CVSS:5.4(Medium)

IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redi...