patchstack Tmacuk PATCHSTACK:78061786134DA7F8AF2668BCE780C4E4
History Feb 13, 2010 - 12:00 a.m.

WordPress 2.9 - Failure to Restrict URL Access

2010-02-13 00:00:00
tmacuk
patchstack.com
7

EPSS

0.006

Percentile

78.5%

A new feature, called “Trash”, was implemented so that users were able to retrieve posts that they may have deleted by accident. Any posts that are placed within the trash are viewable by authenticated users, no matter what privileges they have.

Solution

Update WordPress, because since version 2.9

Usually the only protection for a URL is that links to that page are not presented to unauthorized users. That kind of security is not enough to protect sensitive functions and data. You need to perform access control checks before a request to a function is granted, so that only requesters who are authorized to access that function can reach it.
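The difference between hiding a link and checking access on each request, shown as an added example that is not WordPress code and not taken from the advisory. The roles, the `can_view` policy and the sample posts are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model: not WordPress's real schema, roles or API.
@dataclass(frozen=True)
class User:
    name: str
    role: str      # hypothetical roles: "subscriber", "author", "editor"

@dataclass(frozen=True)
class Post:
    author: str
    status: str    # "publish" or "trash"
    body: str

POSTS = {
    1: Post("alice", "publish", "Public announcement"),
    2: Post("alice", "trash", "Discarded draft with internal notes"),
}

class Forbidden(Exception):
    """The requester may not read the requested post."""

def view_post_weak(user: Optional[User], post_id: int) -> str:
    # Weak: only authentication is checked. The trash view is simply not
    # linked for low-privilege users, which does not restrict the URL itself.
    if user is None:
        raise Forbidden("login required")
    return POSTS[post_id].body

def can_view(user: Optional[User], post: Post) -> bool:
    # Hypothetical policy: published posts are public; trashed posts are
    # readable only by their author or by an editor.
    if post.status == "publish":
        return True
    if user is None:
        return False
    return user.role == "editor" or user.name == post.author

def view_post_checked(user: Optional[User], post_id: int) -> str:
    # Hardened: authorization is decided server-side, per request and per
    # object, before any content is returned.
    post = POSTS.get(post_id)
    if post is None or not can_view(user, post):
        # Same error for "missing" and "denied" so post ids cannot be probed.
        raise Forbidden("not allowed")
    return post.body
```
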
