WordPress: [BuddyPress 2.9.1] Open Redirect via "wp_http_referer" parameter on "bp-profile-edit" endpoint
Hi,

In a similar manner to 228569, it is currently possible to execute authenticated open redirections via the wp_http_referer parameter used in the BuddyPress extended user edit screen.

Proof of concept

Upon accessing the below URL, please select the "Update Profile" button, then select the "←Back...
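
An added example, not part of the report and not BuddyPress or WordPress code: a stand-alone PHP check that a value such as wp_http_referer stays on the site's own host before it is used as a "Back" link or redirect target. The function name, the host site.example and the sample values are assumptions constructed for illustration.

```php
<?php
// Added illustration; safe_back_link() is a hypothetical helper, not a WordPress API.

/**
 * Return $candidate only if it points at $site_host or is a rooted local
 * path; otherwise return $fallback.
 */
function safe_back_link(string $candidate, string $site_host, string $fallback): string
{
    // Browsers treat "\" like "/" and drop tabs and newlines, so refuse such
    // values outright instead of trying to normalise them.
    if ($candidate === '' || preg_match('/[\\\\\x00-\x20\x7f]/', $candidate)) {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $fallback;               // malformed, e.g. "///host"
    }
    // Only http(s) is acceptable; "javascript:", "data:" and the like are refused.
    if (isset($parts['scheme'])
        && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    if (isset($parts['host'])) {
        // Absolute or protocol-relative ("//host/") URL: the host must match
        // exactly. Userinfo tricks ("site@other") end up with host = "other".
        return strcasecmp($parts['host'], $site_host) === 0 ? $candidate : $fallback;
    }
    // No host: accept only a scheme-less path that starts at the site root.
    return (!isset($parts['scheme']) && isset($parts['path']) && $parts['path'][0] === '/')
        ? $candidate
        : $fallback;
}

// Constructed sample values: two on-site links, then off-site forms a check must reject.
$samples = [
    '/members/alice/profile/',
    'https://site.example/members/',
    'https://other.example/',
    '//other.example/',
    '/\\other.example/',
    'https://site.example@other.example/',
    'javascript:void(0)',
];
foreach ($samples as $value) {
    printf("%-40s => %s\n", $value, safe_back_link($value, 'site.example', '/'));
}
```

Inside WordPress itself, the core functions wp_validate_redirect() and wp_safe_redirect() exist for this purpose.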