Description
wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80906
Third Party Advisory, VDB Entry x_refsource_misc
http://osvdb.org/ref/88/wp-php-widget.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/88846
Scores
EPSS
0.0230
EPSS Percentile
81.3%
Details
CWE
CWE-200
Status
published
Products (1)
wp_php_widget_project/wp_php_widget
1.0.2
Published
Jan 02, 2013
Tracked Since
Feb 18, 2026