Summary
WordPress is prone to an information-disclosure vulnerability because it fails to properly restrict access to trashed posts.
An attacker can exploit this vulnerability to view other authors' trashed posts, which may aid in further attacks.
Versions prior to WordPress 2.9.2 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
-
CVE CVE-2010-0682 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
Related Vulnerabilities