WordPress Trashed Posts Information Disclosure Vulnerability Network Vulnerability

Summary

WordPress is prone to an information-disclosure vulnerability because it fails to properly restrict access to trashed posts. An attacker can exploit this vulnerability to view other authors' trashed posts, which may aid in further attacks. Versions prior to WordPress 2.9.2 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://tmacuk.co.uk/?p=180
http://wordpress.org/
http://wordpress.org/development/2010/02/wordpress-2-9-2/
http://www.securityfocus.com/bid/38368

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0682

CVSS	Base Score: 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N

Related Vulnerabilities

appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
AbanteCart Multiple Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities