Description
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://NeoSecurityTeam.net/advisories/Advisory-17.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426304/100/0/threaded
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15831
Vendor Advisory x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00085-06282005
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112006967221438&w=2
Scores
EPSS
0.0123
EPSS Percentile
79.4%
Details
Status
published
Products (7)
wordpress/wordpress
1.0
wordpress/wordpress
1.0.1
wordpress/wordpress
1.0.2
wordpress/wordpress
1.2
wordpress/wordpress
1.5
wordpress/wordpress
1.5.1
wordpress/wordpress
1.5.1.2
Published
Jul 05, 2005
Tracked Since
Feb 18, 2026