PT-2005-3049 · WordPress · Wordpress

James Bercegay · Published 2005-07-01 · Updated 2018-10-19 · CVE-2005-2110

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: WordPress versions 1.5.1.2 and earlier; WordPress version 2.0.1
Description: The issue allows remote attackers to obtain sensitive information. This can be achieved via a direct request to menu-header.php or by setting the feed parameter to a specific value in the following API endpoints: wp-atom.php, wp-rss.php, or wp-rss2.php. These actions reveal the path in an error message.
Recommendations: For WordPress versions 1.5.1.2 and earlier, consider upgrading to a newer version to resolve the issue. For WordPress version 2.0.1, consider upgrading to a newer version to resolve the issue. As a temporary workaround, consider restricting access to the menu-header.php, wp-atom.php, wp-rss.php, and wp-rss2.php files to minimize the risk of exploitation. Avoid using the feed parameter in the affected API endpoints until the issue is resolved.

Fix


Related identifiers

CVE-2005-2110

Affected products

Wordpress