WordPress Failure Notice page will generate arbitrary hyperlinks

Disclosed: 2016-03-25 19:14:36 By ilikeleeks To withinsecurity
Unknown
Vulnerability Details
### Description:

When the "WordPress Failure Notice" page is returned, if the parameter `_wp_http_referer` was supplied with a valid URL, this URL will be used as the "Please try again." link (see attachment). A way to reliably generate this page is to append `?wpcspReceiveCSPviol=1&_wp_http_referer=example.com` to any page address.

### Impact:

An obvious situation where this could lead to a problem is if a malicious party is able to force the WordPress Failure Notice page with a parameter pointing to a site he controls. The unsuspecting user would be presented with a seemingly harmless page from a trusted domain, with an innocent-looking "Please try again." link which points to an attacker-controlled location.

The severity of this issue is arguably small, however. It would involve a considerable amount of work on the attacker's part to create a situation where this could become a problem. As far as I could tell, the only way to reliably force the "WordPress Failure Notice" page is to append `?wpcspReceiveCSPviol=1` to a URL.

### Fix:

A fix would be to check that the value supplied in the `_wp_http_referer` parameter is restricted to the same domain as the page, or to ensure that users aren't able to force Failure pages.
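The following is an added example of the same-domain check suggested under "Fix"; it is not code from the report or from WordPress, and it is written in Python as a stand-in for the PHP logic. The host name `example.org`, the `ALLOWED_HOSTS` tuple and the function names are constructed for the example. It keeps a referer only when it is a relative path or an `http`/`https` URL whose host is the site's own, and otherwise falls back to a fixed safe target, so the "Please try again." link can never leave the trusted domain. The HTML escaping in the renderer is there so the value is also safe to place in an `href`.

```python
from html import escape
from urllib.parse import urlsplit

# Constructed: the host(s) the Failure Notice page is served from.
ALLOWED_HOSTS = ("example.org",)
SAFE_DEFAULT = "/"


def safe_retry_link(referer, allowed_hosts=ALLOWED_HOSTS, default=SAFE_DEFAULT):
    """Return a 'Please try again.' target that stays on an allowed host.

    Accepted: a site-relative path ("/wp-admin/") or an http(s) URL whose
    host name is in allowed_hosts. Everything else (bare host names such as
    "example.com", scheme-relative "//host", userinfo tricks such as
    "http://example.org@other.test/", other schemes) maps to `default`.
    """
    if not referer:
        return default
    parts = urlsplit(referer)

    # No scheme and no host: treat as a path. Only a single leading slash is a
    # site-relative path; "example.com" or "other.test/x" would be rendered as
    # a relative link and is not what the caller intended, so it is dropped.
    if not parts.scheme and not parts.netloc:
        if referer.startswith("/") and not referer.startswith("//"):
            return referer
        return default

    # Absolute URL: require http(s) and an exact host match. `hostname`
    # strips userinfo and port and is lower-cased, so "example.org@other.test"
    # compares as "other.test" and "EXAMPLE.ORG" as "example.org".
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return referer
    return default


def render_failure_notice(referer):
    """Build the 'Please try again.' anchor with a validated, escaped href."""
    href = escape(safe_retry_link(referer), quote=True)
    return f'<p>Please <a href="{href}">try again</a>.</p>'


if __name__ == "__main__":
    # Constructed inputs covering the cases the report and the fix describe.
    for value in ["/wp-admin/", "https://example.org/page", "example.com",
                  "//other.test/", "http://example.org@other.test/"]:
        print(f"{value!r:40} -> {safe_retry_link(value)}")
```

Comparison is done on the host name only, so a different port or scheme on the same host is still accepted; tighten the check to `parts.netloc` if the site must also pin those.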
Report Stats
  • Report ID: 112955
  • State: Closed
  • Substate: resolved
  • Upvotes: 1