Description

Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.

Remediation

References

CVE-2008-6762

Related Vulnerabilities

WordPress Plugin Contact Form 7 Arbitrary File Upload (5.3.1)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (6.0.3.3)

Oracle HTTP Server Other Vulnerability (CVE-2002-0655)

WordPress Plugin Site Reviews CSV Injection (6.2.0)

WordPress Plugin Popups, Welcome Bar, Optins and Lead Generation-Icegram Cross-Site Scripting (2.0.4)

Severity

Medium

Classification

CVE-2008-6762 CWE-59

Tags

Missing Update Known Vulnerabilities