Description

WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.

Remediation

References

CVE-2007-1409

Related Vulnerabilities

WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.5)

WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5625)

Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2020-13434)

WordPress Plugin WP Background Takeover Directory Traversal (4.1.4)

Severity

Medium

Classification

CVE-2007-1409

Tags

Missing Update Known Vulnerabilities