Description
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
Remediation
References
Related Vulnerabilities
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37149)
WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4)
WordPress Plugin Cart66 Lite::WordPress Ecommerce Multiple Vulnerabilities (1.5.3)
WordPress Plugin WassUp Real Time Analytics Unspecified Vulnerability (1.7.2)