Unrated severityNVD Advisory· Published Jan 29, 2007· Updated Jun 16, 2026
CVE-2007-0541
CVE-2007-0541
Description
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment.
Affected products
2cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <=2.0
- (no CPE)
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.