CVE-2007-3639

Description

WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.

How to fix CVE-2007-3639

To remediate CVE-2007-3639, upgrade the affected package to a fixed version below.

• Debian/wordpress—upgrade to 2.2.2-1 or later

Is CVE-2007-3639 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.2.2-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-3639