Description

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

Remediation

References

CVE-2006-6016

Related Vulnerabilities

WordPress Plugin Calendar_plugin Cross-Site Scripting (1.0)

OpenSSL Out-of-bounds Read Vulnerability (CVE-2017-3731)

PostgreSQL Cryptographic Issues Vulnerability (CVE-2012-2143)

WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.4.1)

WordPress Plugin Conduit Banner 'banner-index-field-id' Parameter Cross-Site Scripting (0.2)

Severity

Medium

Classification

CVE-2006-6016

Tags

Missing Update Known Vulnerabilities