Description
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin MobileChief-Mobile Site Builder Cross-Site Scripting (1.5.7)
WordPress Plugin Ad-minister Cross-Site Scripting (0.6)
WordPress Plugin Woocommerce CSV importer Arbitrary File Deletion (3.3.6)
WordPress Plugin Uploader Cross-Site Scripting and Arbitrary File Upload Vulnerabilities (1.0.4)