Published: 22/07/2012 Updated: 23/07/2012

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

WordPress prior to 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress 3.3.3
wordpress wordpress 3.2
wordpress wordpress 3.1.4
wordpress wordpress 3.1
wordpress wordpress 3.1.3
wordpress wordpress 2.9.1.1
wordpress wordpress 2.0.11
wordpress wordpress 2.5.1
wordpress wordpress 2.6.2
wordpress wordpress 2.1.3
wordpress wordpress 2.6
wordpress wordpress 2.3.1
wordpress wordpress 2.0
wordpress wordpress 2.2.2
wordpress wordpress 2.5
wordpress wordpress 2.8.3
wordpress wordpress 2.7.1
wordpress wordpress 2.8.5
wordpress wordpress 1.0.2
wordpress wordpress 1.2
wordpress wordpress 1.0
wordpress wordpress 1.0.1
wordpress wordpress 3.3
wordpress wordpress 3.1.2
wordpress wordpress 3.0.5
wordpress wordpress 3.0
wordpress wordpress 2.9
wordpress wordpress 2.2.3
wordpress wordpress 2.0.8
wordpress wordpress 2.6.3
wordpress wordpress 2.6.1
wordpress wordpress 2.3.2
wordpress wordpress 2.0.10
wordpress wordpress 2.1.1
wordpress wordpress 2.7
wordpress wordpress 2.8.1
wordpress wordpress 2.8.4
wordpress wordpress 1.5.2
wordpress wordpress 1.5.1
wordpress wordpress 1.2.2
wordpress wordpress 1.2.5
wordpress wordpress 1.2.3
wordpress wordpress
wordpress wordpress 3.0.4
wordpress wordpress 3.0.3
wordpress wordpress 3.0.2
wordpress wordpress 3.0.1
wordpress wordpress 2.0.9
wordpress wordpress 2.2
wordpress wordpress 2.2.1
wordpress wordpress 2.3.3
wordpress wordpress 2.0.4
wordpress wordpress 2.0.5
wordpress wordpress 2.0.6
wordpress wordpress 2.0.7
wordpress wordpress 2.1
wordpress wordpress 2.8.2
wordpress wordpress 1.5.1.1
wordpress wordpress 1.5.1.2
wordpress wordpress 1.5.1.3
wordpress wordpress 1.1.1
wordpress wordpress 1.3.3
wordpress wordpress 1.3
wordpress wordpress 1.3.2
wordpress wordpress 3.3.2
wordpress wordpress 3.2.1
wordpress wordpress 3.1.1
wordpress wordpress 3.0.6
wordpress wordpress 2.9.2
wordpress wordpress 2.9.1
wordpress wordpress 2.3
wordpress wordpress 2.8
wordpress wordpress 2.8.6
wordpress wordpress 2.0.1
wordpress wordpress 2.0.2
wordpress wordpress 2.1.2
wordpress wordpress 2.6.5
wordpress wordpress 2.8.5.1
wordpress wordpress 2.8.5.2
wordpress wordpress 1.5
wordpress wordpress 1.2.1
wordpress wordpress 1.2.4
wordpress wordpress 0.71

Debian Bug report logs - #713947 wordpress: Multiple security issues Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 24 Jun 2013 06:39:02 UTC Severity: grave Tags: ...

Debian Bug report logs - #680721 wordpress: Several security vulnerabilities fixed in 341 CVE-2012-3383, CVE-2012-3384, CVE-2012-3385 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> D ...

CWE-264 http://codex.wordpress.org/Version_3.4.1 http://www.openwall.com/lists/oss-security/2012/07/02/1 http://www.openwall.com/lists/oss-security/2012/07/08/1 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947

CVE-2012-3385

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect