CVE-2018-10100by Jeremyin Security Bulletinson Posted on April 16, 2018 Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.