CVE-2005-1688

MEDIUM

Wordpress <1.5 - Info Disclosure

Title source: llm

Description

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.

References (1)

[Third Party Advisory] http://marc.info/?l=bugtraq&m=111661517716733&w=2

Scores

CVSS v3 5.3

EPSS 0.0062

EPSS Percentile 69.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-425

Status draft

Affected Products (1)

wordpress/wordpress < 1.5

Timeline

Published May 20, 2005

Tracked Since Feb 18, 2026