Description
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0125)
WordPress Plugin Dark Mode Cross-Site Scripting (1.6)
WordPress Plugin Backup and Staging by WP Time Capsule Security Bypass (1.21.15)
OpenSSL Other Vulnerability (CVE-2007-3108)
WordPress Plugin Facebook Promotion Generator for WordPress 'fbActivate.php' SQL Injection (1.3.3)