Description
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Calendar_plugin Cross-Site Scripting (1.0)
OpenSSL Out-of-bounds Read Vulnerability (CVE-2017-3731)
PostgreSQL Cryptographic Issues Vulnerability (CVE-2012-2143)
WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.4.1)
WordPress Plugin Conduit Banner 'banner-index-field-id' Parameter Cross-Site Scripting (0.2)