Description

Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.

Remediation

References

CVE-2008-6762

Related Vulnerabilities

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0276)

WordPress Plugin Active Directory Integration/LDAP Integration Cross-Site Scripting (3.6.94)

WordPress Plugin KittyCatfish Ads by Missilesilo SQL Injection (2.2)

PrestaShop Improper Privilege Management Vulnerability (CVE-2023-43663)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6817)

Severity

Medium

Classification

CVE-2008-6762 CWE-59

Tags

Missing Update Known Vulnerabilities