PT-2007-2981 · WordPress · Wordpress
Published
2007-03-22
·
Updated
2018-10-16
·
CVE-2007-1599
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
WordPress (affected versions not specified)
Description
The issue allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information. This is achieved via the
redirect to parameter in the 'wp-login.php' page.Recommendations
For all affected versions, consider restricting access to the 'wp-login.php' page until a fix is available. As a temporary workaround, avoid using the
redirect to parameter in the 'wp-login.php' page to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wordpress