[原文]Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
WordPress Multiple Script Direct Request Path Disclosure
Remote / Network Access
Loss of Confidentiality
WordPress contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests any one of a number of scripts that calls an unspecified function. The resulting error message will disclose the physical installation path, resulting in a loss of confidentiality.
Upgrade to version 1.5.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.