Description

wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.

Remediation

References

CVE-2012-6634

Related Vulnerabilities

WordPress Plugin Web Application Firewall-website security Unspecified Vulnerability (2.1.2)

XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-31982)

WordPress Plugin Brizy-Page Builder Multiple Vulnerabilities (2.4.43)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2019-3894)

PHP Use After Free Vulnerability (CVE-2016-7479)

Severity

Medium

Classification

CVE-2012-6634 CWE-264

Tags

Missing Update Known Vulnerabilities