0.009 Low
EPSS
Percentile
82.8%
The attackers can bypass intended access restrictions for certain pages, because wp-includes/vars.php does not properly extract the current path from the PATH_INFO.
Update WordPress.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2146