First published: Mon Mar 14 2011(Updated: )
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress WordPress | <=3.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.