WordPress 2.9 prior to 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress 2.9 |
||
wordpress wordpress 2.9.1 |