This vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL which triggers incorrect hostname parsing.
Update WordPress.