WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote malicious users to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
roytanck wp-cumulus 1.20 |