Description
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery Unspecified Vulnerability (2.0.77.3)
WordPress Plugin LearnPress-WordPress LMS Cross-Site Request Forgery (3.2.7.2)
WordPress Plugin Keyword Meta Cross-Site Request Forgery (3.0)
WordPress Plugin Abandoned Cart Lite for WooCommerce Cross-Site Scripting (5.1.3)
WordPress Plugin Top 10-Popular posts for WordPress SQL Injection (2.4.3)