Description
wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.
Remediation
References
Related Vulnerabilities
WordPress Plugin Product Catalog Unspecified Vulnerability (3.1.3)
Perl Integer Overflow or Wraparound Vulnerability (CVE-2020-10878)
WordPress Plugin Advanced Classifieds & Directory Pro Security Bypass (1.6.2)
Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.14)
WordPress Plugin WordPress for Google Maps-WP MAPS SQL Injection (4.1.3)