@blackswallow on WordPress.org
Created ticket #28469 on Core Trac:Open Redirect Vulnerability in WordPress's WP Login Plugin (wp-login.php) ...