BIT-wordpress-multisite-2020-4048

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/wordpress-multisite/BIT-wordpress-multisite-2020-4048.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-wordpress-multisite-2020-4048

Aliases

Published

2024-03-06T11:10:51.503Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

In affected versions of WordPress, due to an issue in wpvalidateredirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

Database specific

{
    "cpes": [
        "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / wordpress-multisite

Package

Name: wordpress-multisite
Purl: pkg:bitnami/wordpress-multisite

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

3.7.0

Fixed

3.7.34

Introduced

3.8.0

Fixed

3.8.34

Introduced

3.9.0

Fixed

3.9.32

Introduced

4.0.0

Fixed

4.0.31

Introduced

4.1.0

Fixed

4.1.31

Introduced

4.2.0

Fixed

4.2.28

Introduced

4.3.0

Fixed

4.3.24

Introduced

4.4.0

Fixed

4.4.23

Introduced

4.5.0

Fixed

4.5.22

Introduced

4.6.0

Fixed

4.6.19

Introduced

4.7.0

Fixed

4.7.18

Introduced

4.8.0

Fixed

4.8.14

Introduced

4.9.0

Fixed

4.9.15

Introduced

5.0.0

Fixed

5.0.10

Introduced

5.1.0

Fixed

5.1.6

Introduced

5.2.0

Fixed

5.2.7

Introduced

5.3.0

Fixed

5.3.4

Introduced

5.4.0

Fixed

5.4.2