Description

WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.

Remediation

References

CVE-2007-1409

Related Vulnerabilities

WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-3890)

WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor Cross-Site Scripting (2.8.0)

MySQL CVE-2024-20975 Vulnerability (CVE-2024-20975)

WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile PHP Object Injection (2.3.2.1)

WordPress Plugin MyBB Cross-Poster Cross-Site Scripting (1.0)

Severity

Medium

Classification

CVE-2007-1409

Tags

Missing Update Known Vulnerabilities