Description
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (4.0.5)
Moodle Improper Input Validation Vulnerability (CVE-2020-10738)
WordPress 5.7.x Multiple Vulnerabilities (5.7 - 5.7.9)
WordPress Plugin Featured Comments Cross-Site Request Forgery (1.2.4)
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Scripting (1.16.4)