Campaign Monitor for WordPress plugin for WordPress versions up to 2.8.15 contains a full path disclosure caused by improper access restriction and enabled display_errors in /forms/views/admin/create.php, letting unauthenticated attackers retrieve server paths, exploit requires display_errors to be enabled.
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view