CVE-2006-6998

install/loaderhelp.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERYSTRING, which calls the phpinfo function...

CVE-2005-4787

Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to 1 index.php, 2 admin/index.php, and 3 admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in the co...

CVE-2003-1257

findthenihome.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo...

CVE-2002-2044

Cross-site scripting XSS vulnerability in xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action...

CVE-2005-4173

eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function...

CVE-2025-2880

The Yame | Link In Bio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in t...

CVE-2025-2880

CVE-2025-2880 affects the WordPress plugin Yame | Link In Bio. The issue is an unauthenticated Sensitive Information Exposure via a publicly accessible phpinfo.php script, impacting all versions up to and including 0.9.0. Publicly exposed information could include potentially sensitive data. Mult...

PT-2025-18740 · WordPress · Yame | Link In Bio

Name of the Vulnerable Software and Affected Versions: The Yame | Link In Bio plugin for WordPress versions 0.9.0 and earlier Description: The issue allows unauthenticated attackers to view potentially sensitive information contained in an exposed file through the publicly accessible phpinfo.php...

CVE-2025-2881

The Developer Toolbar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in th...

CVE-2025-2881

The CVE CVE-2025-2881 concerns the Developer Toolbar plugin for WordPress. According to the supplied documents, it is an unauthenticated information exposure vulnerability that affects versions up to and including 1.0.3, occurring via a publicly accessible phpinfo.php script. The connected docume...

CVE-2025-2881 Developer Toolbar <= 1.0.3 - Unauthenticated Information Exposure

The Developer Toolbar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in th...

CVE-2025-2841 Cart66 Cloud <= 2.3.7 - Unauthenticated Information Exposure

The Cart66 Cloud plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.7 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...

PT-2025-16161 · WordPress · Developer Toolbar

Name of the Vulnerable Software and Affected Versions: Developer Toolbar plugin for WordPress versions 1.0.3 and earlier Description: The issue allows unauthenticated attackers to view potentially sensitive information contained in an exposed file through the publicly accessible phpinfo.php scrip...

CVE-2025-2883

The Accept SagePay Payments Using Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive...

WordPress plugin Accept SagePay Payments Using Contact Form 7 信息泄露漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin Accept...

WordPress plugin GreenPay(tm) by Green.Money 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

WordPress plugin DAP to Autoresponders Email Syncing 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

CVE-2024-12542

The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined...

CVE-2024-12542

The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined...

PT-2025-1892 · WordPress · Linkid Plugin

Name of the Vulnerable Software and Affected Versions: linkID plugin for WordPress versions up to, and including, 0.1.2 Description: The issue arises from a missing capability check when including the 'phpinfo' function, allowing unauthorized access to data. This enables unauthenticated attackers...