Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0682 — Wordpress vulnerability

CWE-2649 documents6 sources

Severity

4.0MEDIUMNVD

EPSS

25.4%

top 3.77%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wordpress Debian Wordpress

Timeline

PublishedFeb 23

Latest updateMay 2

Description

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 2.9.2-1 (bookworm)

▶Debianwordpress/wordpress< 2.9.2-1+3

▶NVDwordpress/wordpress2.9, 2.9.1+1

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-h9mp-jg98-m7vh: WordPress 2↗2022-05-02

▶

OSV

CVE-2010-0682: WordPress 2↗2010-02-23

▶

💥Exploits & PoCs

Exploit-DB

WordPress Core 2.9 - Failure to Restrict URL Access↗2010-02-13

▶

📋Vendor Advisories

Debian

CVE-2010-0682: wordpress - WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts...↗2010

▶

💬Community

Bugzilla

CVE-2010-2767 Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51)↗2010-09-03

▶

Bugzilla

CVE-2010-3169 Mozilla Miscellaneous memory safety hazards↗2010-09-03

▶

Bugzilla

CVE-2010-2760 Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54)↗2010-09-03

▶

Bugzilla

CVE-2010-3168 Mozilla XUL tree removal crash and remote code execution (MFSA 2010-55)↗2010-09-03

▶