Description
WordPress is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input data. Exploiting the issue may allow an attacker to access sensitive information that could aid in further attacks. WordPress 2.3.3 is vulnerable; other versions may also be affected.
Remediation
Update to WordPress version 2.5.1 or latest
References
Related Vulnerabilities
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7324)
WordPress Plugin Collapse-O-Matic Cross-Site Scripting (1.6.8)
WordPress Plugin VIDEO GALLERY 'upload1.php' Arbitrary File Upload (1.3)
WordPress Plugin Multiple Domain Cross-Site Scripting (1.0.2)
IBM RTC Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-4946)