4

CVE-2012-6635

WordPress Core <= 3.3.2 - Sensitive Information Disclosure

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.
Mögliche Gegenmaßnahme
WordPress: Update to version 3.3.3, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version [*, 3.3.3)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version <= 3.3.2
WordpressWordpress Version3.0
WordpressWordpress Version3.0.1
WordpressWordpress Version3.0.2
WordpressWordpress Version3.0.3
WordpressWordpress Version3.0.4
WordpressWordpress Version3.0.5
WordpressWordpress Version3.0.6
WordpressWordpress Version3.1
WordpressWordpress Version3.1.1
WordpressWordpress Version3.1.2
WordpressWordpress Version3.1.3
WordpressWordpress Version3.1.4
WordpressWordpress Version3.2
WordpressWordpress Version3.2 Updatebeta1
WordpressWordpress Version3.2.1
WordpressWordpress Version3.3
WordpressWordpress Version3.3.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.69% 0.709
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N