3 matches found
WP < 6.0.3 - Open Redirect via wp_nonce_ays
Description WordPress does not validate the URL to redirect the user to when displaying the nonce error via wpnonceays, which could lead to an Open Redirect issue...
CVE-2007-3639
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via 1 the wphttpreferer parameter to wp-pass.php, related to the wpgetreferer function in wp-includes/functions.php; and possibly other vectors related to 2...
CVE-2007-3639
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via 1 the wphttpreferer parameter to wp-pass.php, related to the wpgetreferer function in wp-includes/functions.php; and possibly other vectors related to 2...