Description
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin gSlideShow Cross-Site Request Forgery (0.1)
OpenSSL Cryptographic Issues Vulnerability (CVE-2010-0742)
WordPress Plugin Seriously Simple Podcasting Cross-Site Scripting (1.9.4)
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-3631)
WordPress Plugin WP Fastest Cache Cross-Site Request Forgery (0.9.0.2)