ThreatPress

WordPress Vulnerabilities Database

WordPress <= 2.6.9 - Open Redirection

Product
WordPress
Description
An open redirect vulnerability in wp-admin/upgrade.php allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the "backto" parameter.
Solution
Update WordPress.
Classification
Type Open Redirection
References
CVE Mitre
CVE
Name CVE-2008-6762
Versions
Affected In <= 2.6.9
Fixed In 2.7
Disclosure date
2009-04-28