What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-4048.

What is the severity of CVE-2020-4048?

The severity of CVE-2020-4048 is medium (5.7).

What is the affected software for CVE-2020-4048?

The affected software for CVE-2020-4048 includes WordPress versions 3.7 to 5.4.2, Debian Linux versions 8.0 to 10.0, and Fedora versions 32 and 33.

How can I fix CVE-2020-4048?

To fix CVE-2020-4048, update WordPress to version 5.4.2 or apply the relevant patch provided by the vendor.

Where can I find more information about CVE-2020-4048?

You can find more information about CVE-2020-4048 on the WordPress Core Trac and GitHub security advisories.

Vulnerability/
CVE-2020-4048

medium

5.7

CWE

601

12/6/2020

27/2/2023

CVE-2020-4048

First published: Fri Jun 12 2020(Updated: )

In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
debian/wordpress		5.0.15+dfsg1-0+deb10u1 5.0.19+dfsg1-0+deb10u1 5.7.8+dfsg1-0+deb11u2 6.1.1+dfsg1-1 6.3.1+dfsg1-1
WordPress WordPress	>=3.7<3.7.34
WordPress WordPress	>=3.8<3.8.34
WordPress WordPress	>=3.9<3.9.32
WordPress WordPress	>=4.0<4.0.31
WordPress WordPress	>=4.1<4.1.31
WordPress WordPress	>=4.2<4.2.28
WordPress WordPress	>=4.3<4.3.24
WordPress WordPress	>=4.4<4.4.23
WordPress WordPress	>=4.5<4.5.22
WordPress WordPress	>=4.6<4.6.19
WordPress WordPress	>=4.7<4.7.18
WordPress WordPress	>=4.8<4.8.14
WordPress WordPress	>=4.9<4.9.15
WordPress WordPress	>=5.0<5.0.10
WordPress WordPress	>=5.1<5.1.6
WordPress WordPress	>=5.2<5.2.7
WordPress WordPress	>=5.3.0<5.3.4
WordPress WordPress	>=5.4<5.4.2
Fedoraproject Fedora	=32
Fedoraproject Fedora	=33
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0

Remedy

https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-4048.
What is the severity of CVE-2020-4048?
The severity of CVE-2020-4048 is medium (5.7).
What is the affected software for CVE-2020-4048?
The affected software for CVE-2020-4048 includes WordPress versions 3.7 to 5.4.2, Debian Linux versions 8.0 to 10.0, and Fedora versions 32 and 33.
How can I fix CVE-2020-4048?
To fix CVE-2020-4048, update WordPress to version 5.4.2 or apply the relevant patch provided by the vendor.
Where can I find more information about CVE-2020-4048?
You can find more information about CVE-2020-4048 on the WordPress Core Trac and GitHub security advisories.

collector/security-tracker-debian
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/event
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/debian
vendor/wordpress
canonical/wordpress wordpress
version/wordpress wordpress/3.7
version/wordpress wordpress/3.8
version/wordpress wordpress/3.9
version/wordpress wordpress/4.0
version/wordpress wordpress/4.1
version/wordpress wordpress/4.2
version/wordpress wordpress/4.3
version/wordpress wordpress/4.4
version/wordpress wordpress/4.5
version/wordpress wordpress/4.6
version/wordpress wordpress/4.7
version/wordpress wordpress/4.8
version/wordpress wordpress/4.9
version/wordpress wordpress/5.0
version/wordpress wordpress/5.1
version/wordpress wordpress/5.2
version/wordpress wordpress/5.3.0
version/wordpress wordpress/5.4
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/32
version/fedoraproject fedora/33
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
version/debian debian linux/10.0