Description
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2019-2395 Vulnerability (CVE-2019-2395)
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-19849)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6635)
WordPress Plugin HandL UTM Grabber Security Bypass (2.6.4)
WordPress Plugin FV Flowplayer Video Player Multiple Vulnerabilities (7.3.14.727)