CVE-2005-4463

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 1.5.2 WordPress version 2.0.1

Description The issue allows remote attackers to obtain sensitive information via direct requests to various PHP files, including "wp-includes/vars.php", "wp-content/plugins/hello.php", "wp-admin/upgrade-functions.php", "wp-admin/edit-form.php", "wp-settings.php", and "wp-admin/edit-form-comment.php". These requests can leak the path in an error message related to undefined functions or failed includes.

Recommendations For WordPress versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. For WordPress version 2.0.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the mentioned PHP files to minimize the risk of exploitation.