CVE-2010-0682
Published 2010-02-23
CVE-2010-0682: WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
PriorityP427medium4CVSS 2.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
EXPLOIT
EPSS: 9.86% (95.0th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 2.9.2-1 (bookworm) | wordpress 2.9.2-1 (bookworm) |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | >= 0 < 2.9.2-1 | 2.9.2-1 |
| wordpress | wordpress | >= 0 < 2.9.2-1 | 2.9.2-1 |
| wordpress | wordpress | >= 0 < 2.9.2-1 | 2.9.2-1 |
| wordpress | wordpress | >= 0 < 2.9.2-1 | 2.9.2-1 |
CVSS provenance
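| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | — | 4.0 | MEDIUM | — |
| vendor_debian | — | 4.0 | LOW | — |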
Debian
CVE-2010-0682: wordpress - WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts...
vendor_debian·2010·CVSS 4.0
CVE-2010-0682 [MEDIUM] CVE-2010-0682: wordpress - WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts...
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
Scope: local
bookworm: resolved (fixed in 2.9.2-1)
bullseye: resolved (fixed in 2.9.2-1)
forky: resolved (fixed in 2.9.2-1)
sid: resolved (fixed in 2.9.2-1)
trixie: resolved (fixed in 2.9.2-1)
GHSA
GHSA-h9mp-jg98-m7vh: WordPress 2
ghsa_unreviewed·2022-05-02
CVE-2010-0682 [MEDIUM] GHSA-h9mp-jg98-m7vh: WordPress 2
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
OSV
CVE-2010-0682: WordPress 2
osv·2010-02-23·CVSS 4.0
CVE-2010-0682 [MEDIUM] CVE-2010-0682: WordPress 2
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
No detection rules found.
Bugzilla
CVE-2010-2767 Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51)
bugzilla·2010-09-03·CVSS 9.3
CVE-2010-2767 [CRITICAL] CVE-2010-2767 Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51)
Security researcher Sergey Glazunov reported a dangling pointer
vulnerability in the implementation of navigator.plugins in which the
navigator object could retain a pointer to the plugins array even after it
had been destroyed. An attacker could potentially use this issue to crash
the browser and run arbitrary code on a victim's computer.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-51.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0682 https://rhn.redhat.com/errata/RHSA-2010-0682.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux
Bugzilla
CVE-2010-3169 Mozilla Miscellaneous memory safety hazards
bugzilla·2010-09-03·CVSS 9.3
CVE-2010-3169 [CRITICAL] CVE-2010-3169 Mozilla Miscellaneous memory safety hazards
Mozilla developers identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of
these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of
these could be exploited to run arbitrary code.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-49.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0682 https://rhn.redhat.com/errata/RHSA-2010-0682.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:06
Bugzilla
CVE-2010-2760 Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54)
bugzilla·2010-09-03·CVSS 8.8
CVE-2010-2760 [HIGH] CVE-2010-2760 Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54)
Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that there was a remaining dangling pointer issue leftover from
the fix to CVE-2010-2753. Under certain circumstances one of the pointers
held by a XUL tree selection could be freed and then later reused,
potentially resulting in the execution of attacker-controlled memory.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-54.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0682 https://rhn.redhat.com/errata/RHSA-2010-0682.html
---
This issue has been addressed in following products:
Red Hat Enterpri
Bugzilla
CVE-2010-3168 Mozilla XUL tree removal crash and remote code execution (MFSA 2010-55)
bugzilla·2010-09-03·CVSS 9.3
CVE-2010-3168 [CRITICAL] CVE-2010-3168 Mozilla XUL tree removal crash and remote code execution (MFSA 2010-55)
Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that XUL objects could be manipulated such that the
setting of certain properties on the object would trigger the removal of
the tree from the DOM and cause certain sections of deleted memory to be
accessed. An attacker could potentially use this vulnerability to crash a
victim's browser and run arbitrary code on their computer.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-55.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0682 https://rhn.redhat.com/errata/RHSA-2010-0682.html
---
This issue has
http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security/
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html
http://secunia.com/advisories/38592
http://secunia.com/advisories/42871
http://tmacuk.co.uk/?p=180
http://wordpress.org/development/2010/02/wordpress-2-9-2/
http://www.osvdb.org/62330
https://core.trac.wordpress.org/ticket/11236
2010-02-23
Published