Description
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
Remediation
References
Related Vulnerabilities
WordPress Plugin Meow Gallery (+ Gallery Block) SQL Injection (4.1.8)
WordPress Plugin WP Super Cache Cache Poisoning (1.8)
WordPress Plugin FileBird-WordPress Media Library Folders & File Manager SQL Injection (4.7.3)
WordPress Plugin WP Socializer-Simple & Easy Social Media Share Icons Cross-Site Scripting (2.4.2)
WordPress Plugin JobSearch WP Job Board Cross-Site Scripting (1.5.2)