Description

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.

Remediation

References

CVE-2005-1688

Related Vulnerabilities

WordPress Plugin Loan Comparison Multiple Cross-Site Scripting Vulnerabilities (1.5.2)

Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5508)

WordPress 3.9.x Cross-Site Request Forgery (3.9 - 3.9.26)

Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2002-1717)

Severity

Medium

Classification

CVE-2005-1688 CWE-425

Tags

Missing Update Known Vulnerabilities