CVE-2011-0701 — Sensitive Information Exposure in Wordpress

CWE-200 — Sensitive Information Exposure9 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

1.6%

top 18.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedMar 14

Latest updateMay 17

Description

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.0.5+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 3.0.5+dfsg-1+3

▶NVDwordpress/wordpress3.0.4

Patches

Patch: codex.wordpress.org ↗Patch: core.trac.wordpress.org ↗Patch: www.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-8xjm-q43j-6v96: wp-admin/async-upload↗2022-05-17

▶

OSV

CVE-2011-0701: wp-admin/async-upload↗2011-03-14

▶

📋Vendor Advisories

Debian

CVE-2011-0701: wordpress - wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows...↗2011

▶

💬Community

Bugzilla

CVE-2011-0700 CVE-2011-0701 wordpress: multiple vulnerabilities corrected in 3.0.5 [epel-5]↗2011-03-15

▶

Bugzilla

CVE-2011-0700 CVE-2011-0701 wordpress: multiple vulnerabilities corrected in 3.0.5 [fedora-all]↗2011-03-15

▶

Bugzilla

CVE-2011-0700 CVE-2011-0701 wordpress: multiple vulnerabilities corrected in 3.0.5 [epel-all]↗2011-03-15

▶

Bugzilla

CVE-2011-0700 CVE-2011-0701 wordpress: multiple vulnerabilities corrected in 3.0.5 [fedora-all]↗2011-03-15

▶

Bugzilla

CVE-2011-0700 CVE-2011-0701 wordpress: multiple vulnerabilities corrected in 3.0.5↗2011-03-15

▶