ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 3.0.4 - Multiple Security Vulnerabilities

Product
WordPress
Description
Because of these vulnerabilities, remote authenticated users can read draft posts or private posts via a modified "attachment_id" parameter.
Solution
Update WordPress.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2011-0701
Versions
Affected In <= 3.0.4
Fixed In 3.0.5
Disclosure date
2011-01-31