EPSS
Percentile
76.9%
WordPress is vulnerable to unsafe URL redirection. Redirection URLs are not validated if the login page is redirected using SSL protocol.
core.trac.wordpress.org/changeset/42892
github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
make.wordpress.org/core/2018/04/03/wordpress-4-9-5/
wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/