Description
simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Aditya Balapure · textwebappsphp
https://www.exploit-db.com/exploits/38111
References (2)
Core 2
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-12/0061.html
Product x_refsource_confirm
http://wordpress.org/extend/plugins/simple-gmail-login/changelog/
Scores
EPSS
0.0694
EPSS Percentile
91.5%
Details
CWE
CWE-200
Status
published
Products (2)
simple_gmail_login/1.1.2
simple_gmail_login/1.1.3
Published
Dec 11, 2012
Tracked Since
Feb 18, 2026