Description
wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.
Remediation
References