Unrated severityNVD Advisory· Published Sep 12, 2013· Updated Jun 16, 2026
CVE-2013-4339
CVE-2013-4339
Description
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <=3.6
- (no CPE)range: <3.6.1
Patches
Vulnerability mechanics
References
10- wordpress.org/news/2013/09/wordpress-3-6-1/nvdPatchVendor Advisory
- core.trac.wordpress.org/changeset/25323nvdExploitPatch
- core.trac.wordpress.org/changeset/25324nvdExploitPatch
- codex.wordpress.org/Version_3.6.1nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2013-September/116828.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-September/116832.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-September/117118.htmlnvd
- seclists.org/fulldisclosure/2013/Dec/174nvd
- www.debian.org/security/2013/dsa-2757nvd
- www.osvdb.org/101181nvd
News mentions
0No linked articles in our index yet.