Description

WordPress is prone to a security bypass vulnerability because it fails to properly restrict access to trashed posts. An attacker can exploit this vulnerability to perform otherwise restricted actions and subsequently view other authors' trashed posts, which may aid in launching further attacks. WordPress versions 2.9 and 2.9.1 are vulnerable.

Remediation

Update to WordPress version 2.9.2 or latest

References

http://www.securityfocus.com/bid/38368/exploit

http://www.exploit-db.com/exploits/11441/

http://packetstormsecurity.org/files/view/86274/wpurl-bypass.txt

http://secunia.com/advisories/38592/

https://wordpress.org/news/2010/02/wordpress-2-9-2/

Related Vulnerabilities

WordPress Plugin Delete All Comments Cross-Site Request Forgery (1.0)

WordPress 2.2.1 Multiple Vulnerabilities (2.2.1)

TYPO3 Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2022-36104)

WordPress Plugin Easy Team Manager SQL Injection (1.3.2)

WordPress Plugin Greg's High Performance SEO Cross-Site Scripting (1.6.1)

Severity

High

Classification

CVE-2010-0682 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass