Sensitive Information Exposure in WP-Cumulus Plugin for WordPress
CVE-2009-4170

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP-cumulus
Vendor: CVE Published:; 2 December 2009

What is CVE-2009-4170?

The WP-Cumulus plugin version 1.20 and potentially other versions enables remote attackers to exploit a flaw by sending crafted requests to the wp-cumulus.php endpoint. This could result in the disclosure of sensitive information, such as the installation path, through an error message. Proper validation and sanitization of inputs are critical to mitigate such vulnerabilities.

References

http://websecurity.com.ua/3665/

x_refsource_MISC

http://www.securityfocus.com/archive/1/508071/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2009
Vulnerability Reserved
Dec 2, 2009

Wordpress

What is CVE-2009-4170?

References

Timeline