CVE-2007-3639 — Wordpress vulnerability

4 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

1.1%

top 21.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedJul 10

Latest updateMay 1

Description

WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 2.2.2-1 (bookworm)

▶Debianwordpress/wordpress< 2.2.2-1+3

▶NVDwordpress/wordpress2.2.1

🔴Vulnerability Details

GHSA

GHSA-f3vf-85qq-vx9q: WordPress before 2↗2022-05-01

▶

OSV

CVE-2007-3639: WordPress before 2↗2007-07-10

▶

📋Vendor Advisories

Debian

CVE-2007-3639: wordpress - WordPress before 2.2.2 allows remote attackers to redirect visitors to other web...↗2007

▶