Description

WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.

Remediation

References

CVE-2007-1409

Related Vulnerabilities

EspoCRM Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2019-14351)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall SQL Injection (3.9.0)

datatables Cross-site Scripting (XSS) Vulnerability (CVE-2015-6584)

XWikiplatform Missing Authorization Vulnerability (CVE-2024-45591)

XWiki Exposure of Private Personal Information to an Unauthorized Actor Vulnerability (CVE-2022-41936)

Severity

Medium

Classification

CVE-2007-1409

Tags

Missing Update Known Vulnerabilities