CVE-2012-6635: WordPress vulnerability

CWE-264 | 4 documents | 4 sources
Severity
4.0 MEDIUM (NVD)
EPSS
0.7%
top 28.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 21
Latest update: May 17

Description

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 8.0 | Impact: 2.9

Affected Packages (3 packages)

debian | debian/wordpress | < wordpress 3.4+dfsg-1 (bookworm)
Debian | wordpress/wordpress | < 3.4+dfsg-1+3
NVD | wordpress/wordpress | 3.3.2+16

🔴 Vulnerability Details

2
GHSA
GHSA-3g9q-9jqp-362q: wp-admin/includes/class-wp-posts-list-table | 2022-05-17
OSV
CVE-2012-6635: wp-admin/includes/class-wp-posts-list-table | 2014-01-21

📋 Vendor Advisories

1
Debian
CVE-2012-6635: wordpress - wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does n... | 2012
CVE-2012-6635 — Debian Wordpress vulnerability | cvebase