CVE-2010-4403
Register Plus < 3.5.1 - Unauthenticated Sensitive Information Exposure via Direct Request
Title source: llmDescription
The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message.
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://websecurity.com.ua/4539
Exploit x_refsource_misc
http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514903/100/0/threaded
Scores
EPSS
0.0237
EPSS Percentile
81.9%
Details
CWE
CWE-200
Status
published
Products (22)
devbits/register-plus
1.1
devbits/register-plus
1.2
devbits/register-plus
2.0
devbits/register-plus
2.1
devbits/register-plus
2.2
devbits/register-plus
2.3
devbits/register-plus
2.4
devbits/register-plus
2.5
devbits/register-plus
2.6
devbits/register-plus
2.7
... and 12 more
Published
Dec 06, 2010
Tracked Since
Feb 18, 2026