Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Other Vulnerability (CVE-2007-3639)

Description

WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.

Remediation

References

Related Vulnerabilities

phpMyFAQ Improper Authorization Vulnerability (CVE-2014-6049)

WordPress Plugin Bulk Datetime Change Security Bypass (1.11)

WordPress Plugin Asset CleanUp:Page Speed Booster Multiple Vulnerabilities (1.3.6.6)

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-1151)

Oracle Database Server CVE-2020-2515 Vulnerability (CVE-2020-2515)

Severity

Medium

Classification

CVE-2007-3639

Tags

Missing Update Known Vulnerabilities