CVE-2010-0682

2010-02-2320:30:00

CWE-264

mitre

web.nvd.nist.gov

wordpress

cve-2010-0682

security vulnerability

trash posts

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.006

Percentile

78.5%

JSON

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.

Affected configurations

Nvd

Node

wordpresswordpressMatch2.9

wordpresswordpressMatch2.9.1

wordpresswordpressMatch2.9.1beta1

wordpresswordpressMatch2.9.1rc1

VendorProductVersionCPE
wordpresswordpress2.9cpe:2.3:a:wordpress:wordpress:2.9:*:*:*:*:*:*:*
wordpresswordpress2.9.1cpe:2.3:a:wordpress:wordpress:2.9.1:*:*:*:*:*:*:*
wordpresswordpress2.9.1cpe:2.3:a:wordpress:wordpress:2.9.1:beta1:*:*:*:*:*:*
wordpresswordpress2.9.1cpe:2.3:a:wordpress:wordpress:2.9.1:rc1:*:*:*:*:*:*

Vendor	Product	Version	CPE
wordpress	wordpress	2.9	cpe:2.3:a:wordpress:wordpress:2.9:::::::*
wordpress	wordpress	2.9.1	cpe:2.3:a:wordpress:wordpress:2.9.1:::::::*
wordpress	wordpress	2.9.1	cpe:2.3:a:wordpress:wordpress:2.9.1:beta1::::::
wordpress	wordpress	2.9.1	cpe:2.3:a:wordpress:wordpress:2.9.1:rc1::::::