WordPress Themes Information Disclosure

OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WASC-08

In old versions of WordPress, there are various themes created by ThemeMakers. These themes suffered a major vulnerability called information disclosure vulnerability. Information disclosure vulnerability is a vulnerability met, when an application fails to properly protect sensitive information from attackers. The attackers include users that are not supposed to access these information in normal privileges. An attack can be successfully exploited using browser.

Impact

The impact include:-

  • The attacker will get full privileges.
  • Possible data breach

Mitigation / Precaution

Latest Articles