Vulnerabilities > CVE-2007-1409 - Information Disclosure vulnerability in WordPress

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wordpress

nessus

NVD

Published: 2007-03-10

Updated: 2018-10-16

Summary

WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.

Vulnerable Configurations

Part	Description	Count
Application	Wordpress Wordpress Wordpress 2.0 Wordpress Wordpress 2.0.1 Wordpress Wordpress 2.0.2 Wordpress Wordpress 2.0.3 Wordpress Wordpress 2.0.4 Wordpress Wordpress 2.0.5 Wordpress Wordpress 2.0.6 Wordpress Wordpress 2.0.7 Wordpress Wordpress 2.1 Wordpress Wordpress 2.1.1	10

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200703-23.NASL
description	The remote host is affected by the vulnerability described in GLSA-200703-23 (WordPress: Multiple vulnerabilities) WordPress contains cross-site scripting or cross-site scripting forgery vulnerabilities reported by: g30rg3_x in the
last seen	2020-06-01
modified	2020-06-02
plugin id	24889
published	2007-03-26
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/24889
title	GLSA-200703-23 : WordPress: Multiple vulnerabilities

Summary

Vulnerable Configurations

Nessus

References