5
CVSSv2

CVE-2005-4463

CVSSv4: NA | CVSSv3: NA | CVSSv2: 5 | VMScore: 600 | EPSS: 0.00997 | KEV: Not Included
Published: 21/12/2005 Updated: 21/11/2024

Vulnerability Summary

WordPress prior to 1.5.2 allows remote malicious users to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1.

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress 1.0

wordpress wordpress 1.0.1

wordpress wordpress 1.0.2

wordpress wordpress 1.2

wordpress wordpress 1.5

wordpress wordpress 1.5.1

wordpress wordpress 1.5.1.2

wordpress wordpress 1.5.1.3

wordpress wordpress 2.0.1