
Nicholas Coblentz

Researcher at Security PS
#52328 of 53,638
4 CVSS total
Vulnerabilities · 1
PT-2007-4894
4.0
2007-07-10
WordPress · Wordpress · CVE-2007-3639
**Name of the Vulnerable Software and Affected Versions**

WordPress versions prior to 2.2.2

**Description**

The issue allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information. This is related to the `_wp_http_referer` parameter in `wp-pass.php`, the `wp_get_referer` function in `wp-includes/functions.php`, and possibly other vectors in `wp-includes/pluggable.php` and the `wp_nonce_ays` function in `wp-includes/functions.php`.

**Recommendations**

For WordPress versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wp-pass.php` file and avoiding the use of the `_wp_http_referer` parameter until the issue is resolved.