Description
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Comments-wpDiscuz Cross-Site Scripting (3.1.4)
WordPress Plugin WP Editor.md Cross-Site Scripting (10.0.1)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5293)
WordPress Plugin Shopping Cart & eCommerce Store Cross-Site Request Forgery (5.1.0)
Microsoft SQL Server CVE-2023-32026 Vulnerability (CVE-2023-32026)