WordPress is vulnerable to open redirect. The vulnerability exists because the value of $location used in wp_validate_redirect in wp-includes/pluggable.php is not properly sanitized.
github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693
github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5
lists.debian.org/debian-lts-announce/2020/07/msg00000.html
lists.debian.org/debian-lts-announce/2020/09/msg00011.html
lists.fedoraproject.org/archives/list/[email protected]/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357/
lists.fedoraproject.org/archives/list/[email protected]/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN/
wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
www.debian.org/security/2020/dsa-4709