Vuln ID: CVE-2019-10675
Published: 2019-03-31 19:29:00Z
Description: ** DISPUTED ** WordPress 5.1.1 allows remote authenticated authors to obtain sensitive information via a modified PNG file to the wp-admin/media-new.php?browser-uploader Media Uploader feature, which reveals the full path in a wp-includes/functions.php exif_imagetype() error message, even when the "display_errors = Off" setting is used and wp_config.php has debugging disabled. NOTE: the vendor cannot reproduce this.
Source: NVD.NIST.GOV