Vulnerability Details CVE-2007-1409
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/24566
- http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml
- http://www.securityfocus.com/archive/1/462230/100/0/threaded
- http://www.securityfocus.com/archive/1/462249/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32881
- http://secunia.com/advisories/24566
- http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml
- http://www.securityfocus.com/archive/1/462230/100/0/threaded
- http://www.securityfocus.com/archive/1/462249/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32881
Products affected by CVE-2007-1409
-
cpe:2.3:a:wordpress:wordpress:2.0
-
cpe:2.3:a:wordpress:wordpress:2.0.1
-
cpe:2.3:a:wordpress:wordpress:2.0.2
-
cpe:2.3:a:wordpress:wordpress:2.0.3
-
cpe:2.3:a:wordpress:wordpress:2.0.4
-
cpe:2.3:a:wordpress:wordpress:2.0.5
-
cpe:2.3:a:wordpress:wordpress:2.0.6
-
cpe:2.3:a:wordpress:wordpress:2.0.7
-
cpe:2.3:a:wordpress:wordpress:2.1
-
cpe:2.3:a:wordpress:wordpress:2.1.1