WordPress Vulnerabilities

WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass

Affects WordPress

3.6
Fixed in WordPress 3.6.1
3.5.2
Fixed in WordPress 3.6.1
3.5.1
Fixed in WordPress 3.6.1
3.5
Fixed in WordPress 3.6.1
3.4.2
Fixed in WordPress 3.6.1
3.4.1
Fixed in WordPress 3.6.1
3.4
Fixed in WordPress 3.6.1
3.3.3
Fixed in WordPress 3.6.1
3.3.2
Fixed in WordPress 3.6.1
3.3.1
Fixed in WordPress 3.6.1
3.3
Fixed in WordPress 3.6.1
3.2.1
Fixed in WordPress 3.6.1
3.2
Fixed in WordPress 3.6.1
3.1.4
Fixed in WordPress 3.6.1
3.1.3
Fixed in WordPress 3.6.1
3.1.2
Fixed in WordPress 3.6.1
3.1.1
Fixed in WordPress 3.6.1
3.1
Fixed in WordPress 3.6.1
3.0.6
Fixed in WordPress 3.6.1
3.0.5
Fixed in WordPress 3.6.1
3.0.4
Fixed in WordPress 3.6.1
3.0.3
Fixed in WordPress 3.6.1
3.0.2
Fixed in WordPress 3.6.1
3.0.1
Fixed in WordPress 3.6.1
3.0
Fixed in WordPress 3.6.1

References

CVE
CVE-2013-4339
Exploitdb
28958
URL
https://packetstormsecurity.com/files/#123589/
URL
https://core.trac.wordpress.org/changeset/25323
URL
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601

Miscellaneous

Verified
No
WPVDB ID
16837700-a6dc-4825-8c7b-1486e0fb9c76

Timeline

Publicly Published
2014-08-01 (about 9 years ago)
Added
2014-08-01 (about 9 years ago)
Last Updated
2019-10-21 (about 4 years ago)

Other

Published
Title
Published
2017-05-16
Title
WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
Published
2021-04-29
Title
AcyMailing < 7.5.0 - Open Redirect
Published
2023-02-06
Title
Pie Register < 3.8.2.3 - Open Redirect
Published
2023-04-27
Title
WP Directory Kit < 1.2.0 - Open Redirect
Published
2017-09-20
Title
WordPress 2.9.2-4.8.1 - Open Redirect