Description
wp-includes/vars.php in WordPress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.
Remediation
References
Related Vulnerabilities
Magento Improper Input Validation Vulnerability (CVE-2019-7899)
MediaWiki Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-31556)
Jetty Other Vulnerability (CVE-2020-27216)
WordPress Plugin WP Reactions Lite Cross-Site Scripting (1.3.5)
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler PHP Object Injection (5.0.0)