
Xzerox

#22318 of 53,624
10 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2006-4281
5.0
2006-07-06
WordPress · Wordpress · CVE-2006-3389
**Name of the Vulnerable Software and Affected Versions**
WordPress version 2.0.3

**Description**
The issue allows remote attackers to potentially obtain sensitive information, such as SQL table prefixes, via an invalid `paged` parameter in `index.php`, which may display the information in an SQL error message. However, it is noted that a third party disputes this issue, claiming it does not leak any target-specific information.

**Recommendations**
For WordPress version 2.0.3, as a temporary workaround, consider restricting access to the `index.php` file or validating the `paged` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2006-4282
5.0
2006-07-06
WordPress · Wordpress · CVE-2006-3390
**Name of the Vulnerable Software and Affected Versions**
WordPress version 2.0.3

**Description**
The issue allows remote attackers to obtain the installation path via a direct request to various files, such as those in the wp-admin, wp-content, and wp-includes directories, possibly due to uninitialized variables like `installation path`.

**Recommendations**
For WordPress version 2.0.3, update to a newer version to mitigate the risk, as uninitialized variables in the affected directories can be exploited to reveal sensitive information.