Description
WordPress is prone to a security bypass vulnerability because it fails to properly restrict access to trashed posts. An attacker can exploit this vulnerability to perform otherwise restricted actions and subsequently view other authors' trashed posts, which may aid in launching further attacks. WordPress versions 2.9 and 2.9.1 are vulnerable.
Remediation
Update to WordPress version 2.9.2 or latest
References
http://www.securityfocus.com/bid/38368/exploit
http://www.exploit-db.com/exploits/11441/
http://packetstormsecurity.org/files/view/86274/wpurl-bypass.txt
Related Vulnerabilities
WordPress Plugin Image News slider 'upload.php' Arbitrary File Upload (3.3)
WordPress Plugin Bad Behavior Multiple Vulnerabilities (2.2.18)
Oracle JRE CVE-2013-5818 Vulnerability (CVE-2013-5818)
WordPress Plugin WebLibrarian SQL Injection (3.5.4)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-39200)