Description

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.

Remediation

References

CVE-2010-0682

Related Vulnerabilities

e107 Deserialization of Untrusted Data Vulnerability (CVE-2016-10753)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1950)

Oracle JRE Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2024-21147)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-25727)

WordPress Plugin Comment Rating Cross-Site Request Forgery (2.9.20)

Severity

Medium

Classification

CVE-2010-0682 CWE-264

Tags

Missing Update Known Vulnerabilities