CVE-2010-0682

medium

Description

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.

References

https://core.trac.wordpress.org/ticket/11236

http://www.osvdb.org/62330

http://wordpress.org/development/2010/02/wordpress-2-9-2/

http://tmacuk.co.uk/?p=180

http://secunia.com/advisories/42871

http://secunia.com/advisories/38592

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html

http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security/

Details

Source: Mitre, NVD

Published: 2010-02-23

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.25421