This vulnerability is in the wp-php-widget.php. It allows the attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
wp php widget | le | 1.0.2 |