ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP PHP Widget Plugin <= 1.0.2 - Full Path Disclosure

Product
WP PHP Widget
Description
This vulnerability is in the wp-php-widget.php. It allows the attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
Solution
Update the plugin.
Classification
Type Information Disclosure
References
CVE Mitre
CVE
Name CVE-2013-0721
Versions
Affected In <= 1.0.2
Fixed In 1.0.3
Disclosure date
2013-01-02
Credits
Evil aXe