WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message.
CPE | Name | Operator | Version |
---|---|---|---|
wp-cumulus | eq | 1.20 |