CVE-2016-5835 — Sensitive Information Exposure in Wordpress

CWE-200 — Sensitive Information Exposure7 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.9%

top 16.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedJun 29

Latest updateMay 17

Description

WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 4.5.3+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 4.5.3+dfsg-1+3

▶NVDwordpress/wordpress4.5.2

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-4fgx-wpwv-vr2r: WordPress before 4↗2022-05-17

▶

OSV

CVE-2016-5835: WordPress before 4↗2016-06-29

▶

📋Vendor Advisories

Debian

CVE-2016-5835: wordpress - WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-hist...↗2016

▶

💬Community

Bugzilla

CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release↗2016-06-23

▶

Bugzilla

CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release [fedora-all]↗2016-06-23

▶

Bugzilla

CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release [epel-all]↗2016-06-23

▶