Description
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Theme Blvd Layout Builder Multiple Security Bypass Vulnerabilities (2.0.1)
WordPress Plugin WordPress Comments Import & Export Cross-Site Request Forgery (2.1.10)
WordPress Plugin Contact Form by BestWebSoft Cross-Site Request Forgery (3.82)
WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.4.37.727)
WordPress Plugin WordPress Popular Posts Cross-Site Scripting (5.3.5)