Description

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.

Remediation

References

CVE-2012-6635

Related Vulnerabilities

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17223)

Oracle JRE CVE-2023-21830 Vulnerability (CVE-2023-21830)

WordPress Plugin Magic Fields Arbitrary File Upload (1.6.3.2)

Serendipity Other Vulnerability (CVE-2005-1134)

WordPress Plugin WP Hotel Booking Cross-Site Request Forgery (1.10.5)

Severity

Medium

Classification

CVE-2012-6635 CWE-264

Tags

Missing Update Known Vulnerabilities