Description

WordPress is prone to a security bypass vulnerability because it fails to properly restrict access to trashed posts. An attacker can exploit this vulnerability to perform otherwise restricted actions and subsequently view other authors' trashed posts, which may aid in launching further attacks. WordPress versions 2.9 and 2.9.1 are vulnerable.

Remediation

Update to WordPress version 2.9.2 or latest

References

http://www.securityfocus.com/bid/38368/exploit

http://www.exploit-db.com/exploits/11441/

http://packetstormsecurity.org/files/view/86274/wpurl-bypass.txt

http://secunia.com/advisories/38592/

https://wordpress.org/news/2010/02/wordpress-2-9-2/

Related Vulnerabilities

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1903)

WordPress Plugin Contact Form 7 Security Bypass (3.7.1)

WordPress Other Vulnerability (CVE-2006-5705)

Apache HTTP Server Other Vulnerability (CVE-2004-0942)

WordPress Plugin Menu Creator 'updateSortOrder.php' SQL Injection (1.1.7)

Severity

High

Classification

CVE-2010-0682 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass