Your submission was sent successfully! Close

CVE-2013-4339

Published: 12 September 2013

WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.

Priority

Medium

Status

Package Release Status
wordpress
Launchpad, Ubuntu, Debian
artful Not vulnerable
(3.6.1+dfsg-1)
lucid Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
raring Ignored
(reached end-of-life)
saucy Not vulnerable
(3.6.1+dfsg-1)
trusty Does not exist
(trusty was not-affected [3.6.1+dfsg-1])
upstream
Released (3.6.1+dfsg-1)
utopic Not vulnerable
(3.6.1+dfsg-1)
vivid Does not exist

wily Not vulnerable
(3.6.1+dfsg-1)
xenial Not vulnerable
(3.6.1+dfsg-1)
yakkety Not vulnerable
(3.6.1+dfsg-1)
zesty Not vulnerable
(3.6.1+dfsg-1)