WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wordpress | Wordpress | * | 2.0 (including) |
| Wordpress | Ubuntu | dapper | * |
| Wordpress | Ubuntu | edgy | * |
| Wordpress | Ubuntu | upstream | * |