Description
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)
WordPress Plugin Add From Server Directory Traversal (3.3.3)
Oracle JRE Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-21011)
WordPress Plugin Contact Form 'wpcf_easyform_formid' Parameter SQL Injection (2.7.5)