5

CVE-2011-3128

WordPress Core < 3.1.3 - Sensitive Information Disclosure

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.
Mögliche Gegenmaßnahme
WordPress: Update to version 3.1.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version3.1
WordpressWordpress Version3.1.1
WordpressWordpress Version3.1.2
WordpressWordpress Version3.2 Updatebeta1
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version *-3.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.45% 0.822
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/49138
http://wordpress.org/news/2011/05/wordpress-3-1-3/
Patch
http://www.debian.org/security/2012/dsa-2470
http://www.securityfocus.com/bid/47995
http://core.trac.wordpress.org/changeset/18023/branches/3.1
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/69171
https://www.wordfence.com/threat-intel/vulnerabilities/id/ee01dab6-8e10-43aa-bc20-1f389f1e7d07
Third Party Advisory