2 matches found
WordPress: [BuddyPress 2.9.1] Open Redirect via "wp_http_referer" parameter on "bp-profile-edit" endpoint
Hi, In a similar manner to 228569, it is currently possible to execute authenticated open redirections via the wp_http_referer parameter used in the BuddyPress extended user edit screen. Proof of concept: Upon accessing the below URL, please select the "Update Profile" button, then select the "←Back...
DEBIAN-CVE-2007-3639
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2)...