Description

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.

Remediation

References

CVE-2012-6635

Related Vulnerabilities

WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (3.81)

WordPress Plugin iPages Flipbook For WordPress Cross-Site Scripting (1.4.2)

Squid CVE-2024-45802 Vulnerability (CVE-2024-45802)

WordPress Plugin Event Espresso 4 Decaf-Event Registration Event Ticketing Cross-Site Request Forgery (4.10.11.decaf)

WordPress Plugin Coming soon and Maintenance mode Unspecified Vulnerability (3.5.4)

Severity

Medium

Classification

CVE-2012-6635 CWE-264

Tags

Missing Update Known Vulnerabilities