Description

WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.

Remediation

References

CVE-2007-3639

Related Vulnerabilities

Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21690 )

WordPress Plugin BuddyPress Security Bypass (2.3.4)

Oracle Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2002-2347)

MediaWiki Unquoted Search Path or Element Vulnerability (CVE-2021-31553)

WordPress Plugin Featured Comments Cross-Site Request Forgery (1.2.4)

Severity

Medium

Classification

CVE-2007-3639

Tags

Missing Update Known Vulnerabilities