Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress 远程攻击漏洞
Vulnerability Description
WordPress 2.2.2版本之前的版本允许远程攻击者可以借助(1)对wp-pass.php的_wp_http_referer参数,且它与wp-includes/functions.php中的wp_get_referer函数相关;以及可能的其它向量,这些向量与(2)wp-includes/pluggable.php和(3)wp-includes/functions.php中的wp_nonce_ays函数相关,重定向访问者至其它的站点并可能获得敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A