CVE-2007-3639

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 2.2.2

Description The issue allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information. This is related to the wp http referer parameter in wp-pass.php, the wp get referer function in wp-includes/functions.php, and possibly other vectors in wp-includes/pluggable.php and the wp nonce ays function in wp-includes/functions.php.

Recommendations For WordPress versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp-pass.php file and avoiding the use of the wp http referer parameter until the issue is resolved.