Open Redirect

WordPress is vulnerable to open redirect attacks. It is possible because the library does not properly validate the external URL in wphttpreferer in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, allowing attackers to redirect users to a different website...

CVE-2017-14725

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php...

Open redirect

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php...

CVE-2017-14725

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php...

CVE-2017-14725

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php...

CVE-2014-3546

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in 1 notes/index.php and 2 user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a...

CVE-2006-6016

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified userid parameter...

CVE-2006-6016

CVE-2006-6016 affects WordPress components prior to 2.0.5. A remote authenticated user can access the metadata of arbitrary users by modifying the user_id parameter on wp-admin/user-edit.php. The underlying issue exposes partial confidentiality and is triggered by insufficient access control for ...