Description

WordPress is prone to a security bypass vulnerability. Exploiting this issue could allow an attacker to perform otherwise restricted actions and subsequently read draft posts before they have been published. WordPress version 2.3.1 is vulnerable; prior versions may also be affected.

Remediation

Update to WordPress version 2.3.2 or latest

References

https://core.trac.wordpress.org/ticket/5487

http://www.securityfocus.com/archive/1/485160

http://secunia.com/advisories/28130/

https://wordpress.org/news/2007/12/wordpress-232/

Related Vulnerabilities

WordPress Plugin Media from FTP PHP Object Injection (9.79)

WordPress Plugin Analytics Stats Counter Statistics PHP Object Injection (1.2.2.5)

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Arbitrary File Deletion (3.1.4)

WordPress Plugin FooGallery Image Gallery-Responsive Photo Gallery Cross-Site Scripting (1.4.31)

WordPress Plugin Child Theme Creator by Orbisius Arbitrary File Modification (1.2.6)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update