Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
CVSS v3.1 Score
5.3
/ 10.0
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Information
- Published
- 20 mai 2005
- Updated
- 16 avr. 2026
- Status
- Modified
- Source
- cve@mitre.org
Affected products
wordpress wordpressAll WordPress CVEs →
Versions : 1.5
Weaknesses (CWE)
CWE-425CWE-425
References (2)
- http://marc.info/?l=bugtraq&m=111661517716733&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=111661517716733&w=2Third Party Advisory
Similar CVEs
Other vulnerabilities of type CWE-425
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.