Description
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Preloader Cross-Site Scripting (1.0.0)
WordPress Plugin Party Hall Booking Manager SQL Injection (1.1)
WordPress Plugin Random Banner Cross-Site Scripting (4.1.4)
WordPress Plugin Style It Cross-Site Scripting (1.0)
WordPress Plugin Ceceppa Multilingua Unspecified Vulnerability (1.5.3)