Description

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.

Remediation

References

CVE-2011-0701

Related Vulnerabilities

Oracle Database Server CVE-2007-5530 Vulnerability (CVE-2007-5530)

Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2020-5360)

MySQL CVE-2023-22046 Vulnerability (CVE-2023-22046)

WordPress Plugin LOGIN AND REGISTRATION ATTEMPTS LIMIT Cross-Site Request Forgery (2.1)

WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Remote Code Execution (1.5.89)

Severity

Medium

Classification

CVE-2011-0701 CWE-200

Tags

Missing Update Known Vulnerabilities