Vulnerability CVE-2018-10101


Published: 2018-04-16

Description:
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.

Type:

CWE-601

(URL Redirection to Untrusted Site ('Open Redirect'))

Vendor: Debian
Product: Debian linux 
Version: 9.0; 8.0;
Vendor: Wordpress
Product: Wordpress 
Version:
4.9.4
4.9.3
4.9.2
4.9.1
4.9
4.8.8
4.8.7
4.8.6
4.8.5
4.8.4
4.8.3
4.8.2
4.8.1
4.8
4.7.9
4.7.8
4.7.7
4.7.6
4.7.5
4.7.4
4.7.3
4.7.2
4.7.12
4.7.11
4.7.10
4.7.1
4.7
4.6.9
4.6.8
4.6.7
4.6.6
4.6.5
4.6.4
4.6.3
4.6.2
4.6.13
4.6.12
4.6.11
4.6.10
4.6.1
4.6
4.5.9
4.5.8
4.5.7
4.5.6
4.5.5
4.5.4
4.5.3
4.5.2
4.5.16
4.5.15
4.5.14
4.5.13
4.5.12
4.5.11
4.5.10
4.5.1
4.5
4.4.9
4.4.8
4.4.7
4.4.6
4.4.5
4.4.4
4.4.3
4.4.2
4.4.17
4.4.16
4.4.15
4.4.14
4.4.13
4.4.12
4.4.11
4.4.10
4.4.1
4.4.0
4.4
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.18
4.3.17
4.3.16
4.3.15
4.3.14
4.3.13
4.3.12
4.3.11
4.3.10
4.3.1
4.3.0
4.3
4.2.9
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
http://www.securityfocus.com/bid/104350
http://www.securitytracker.com/id/1040836
https://codex.wordpress.org/Version_4.9.5
https://core.trac.wordpress.org/changeset/42894
https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
https://wpvulndb.com/vulnerabilities/9053
https://www.debian.org/security/2018/dsa-4193

Related CVE
CVE-2017-6514
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.
CVE-2019-9787
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elem...
CVE-2019-8943
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filen...
CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can exe...
CVE-2018-20153
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
CVE-2018-20152
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.
CVE-2018-20151
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the p...
CVE-2018-20150
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

Copyright 2019, cxsecurity.com

 

Back to Top