CVE-2010-4403

Register Plus < 3.5.1 - Unauthenticated Sensitive Information Exposure via Direct Request

Title source: llm
STIX 2.1

Description

The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message.

References (3)

Core 3
Core References
Exploit x_refsource_misc
http://websecurity.com.ua/4539
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514903/100/0/threaded

Scores

EPSS 0.0237
EPSS Percentile 81.9%

Details

CWE
CWE-200
Status published
Products (22)
devbits/register-plus 1.1
devbits/register-plus 1.2
devbits/register-plus 2.0
devbits/register-plus 2.1
devbits/register-plus 2.2
devbits/register-plus 2.3
devbits/register-plus 2.4
devbits/register-plus 2.5
devbits/register-plus 2.6
devbits/register-plus 2.7
... and 12 more
Published Dec 06, 2010
Tracked Since Feb 18, 2026