In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. Reference: https://wpvulndb.com/vulnerabilities/9863 Upstream commit: https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28
Created wordpress tracking bugs for this issue: Affects: epel-6 [bug 1776437]
Created wordpress tracking bugs for this issue: Affects: epel-7 [bug 1776439]
We already have 5.1.3 which includes security fixes from 5.2.4