Wordpress 3.4 – 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure

Affects WordPress

3.5.1

Fixed in WordPress 3.5.2

3.5

Fixed in WordPress 3.5.2

3.4.2

Fixed in WordPress 3.5.2

3.4.1

Fixed in WordPress 3.5.2

3.4

Fixed in WordPress 3.5.2

References

URL

https://seclists.org/fulldisclosure/2013/Jul/70

Classification

Type

FPD

OWASP top 10

A6: Security Misconfiguration

CWE

CWE-209

Miscellaneous

Verified

No

WPVDB ID

a90b5552-74f5-43f8-8bd5-36744265768f

Timeline

Publicly Published

2013-06-21 (about 10 years ago)

Added

2014-08-01 (about 9 years ago)

Last Updated

2019-10-21 (about 4 years ago)

Other

Published

Title

Published

2014-08-01

Title

Sahifa 2.4.0 - Multiple Full Path Disclosure

Published

2014-08-01

Title

Spam Free Plugin 1.9.2 - Multiple Script Direct Request Path Disclosure

Published

2014-08-01

Title

Tera Charts 0.1 - charts/zoomabletreemap.php fn Parameter Remote Path Traversal File Disclosure

Published

2014-08-01

Title

JS MultiHotel 2.2.1 - includes/timthumb.php src Parameter Direct Request Path Disclosure

Published

2014-08-01

Title

NextGEN Gallery <= 1.7.3 - xml/ajax.php Path Disclosure