Description

wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter.

Remediation

References

CVE-2007-1599

Related Vulnerabilities

WordPress Plugin BuddyPress Security Bypass (5.1.0)

WordPress Plugin iCopyright Toolbar 'icopyright_xml.php' SQL Injection (1.1.4)

WordPress Plugin Zoho Marketing Automation SQL Injection (1.2.7)

Oracle JRE CVE-2014-2409 Vulnerability (CVE-2014-2409)

MongoDb Insufficiently Protected Credentials Vulnerability (CVE-2021-32039)

Severity

Medium

Classification

CVE-2007-1599

Tags

Missing Update Known Vulnerabilities