CVE 2018-10100
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
See the
CVE page on Mitre.org
for more details.
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.