Description
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.
Remediation
References