CVE-2011-0701

🗓️ 14 Mar 2011 19:00:00Reported by redhatType

cve

cve🔗 web.nvd.nist.gov👁 125 Views🌐 WEB

CVE-2011-0701 - WordPress 3.0.5 Media Uploader Vulnerabilit

Reporter	Title	Published	Views	Family All 42
Tenable Nessus	WordPress < 3.0.5 Multiple Vulnerabilities	10 Feb 201100:00	–	nessus
Tenable Nessus	Debian DSA-2190-1 : wordpress - several vulnerabilities	14 Mar 201100:00	–	nessus
Tenable Nessus	Fedora 15 : wordpress-3.1-1.fc15 (2011-3408)	22 Mar 201100:00	–	nessus
Tenable Nessus	Fedora 13 : wordpress-3.1-1.fc13 (2011-3738)	30 Mar 201100:00	–	nessus
Tenable Nessus	Fedora 14 : wordpress-3.1-1.fc14 (2011-3746)	30 Mar 201100:00	–	nessus
Tenable Nessus	WordPress < 3.0.5 Multiple Vulnerabilities	10 Feb 201100:00	–	nessus
Cvelist	CVE-2011-0701	14 Mar 201119:00	–	cvelist
Debian	[SECURITY] [DSA 2190-1] wordpress security update	11 Mar 201115:20	–	debian
Debian	[SECURITY] [DSA 2190-1] wordpress security update	11 Mar 201115:20	–	debian
Debian CVE	CVE-2011-0701	14 Mar 201119:00	–	debiancve

NVD

Node

wordpress wordpressRange≤3.0.4

Source	Link
core	www.core.trac.wordpress.org/changeset/17393
openwall	www.openwall.com/lists/oss-security/2011/02/08/7
secunia	www.secunia.com/advisories/43729
openwall	www.openwall.com/lists/oss-security/2011/02/09/13
vupen	www.vupen.com/english/advisories/2011/0721
wordpress	www.wordpress.org/news/2011/02/wordpress-3-0-5/
vupen	www.vupen.com/english/advisories/2011/0658
codex	www.codex.wordpress.org/Version_3.0.5
securityfocus	www.securityfocus.com/bid/46249
lists	www.lists.fedoraproject.org/pipermail/package-announce/2011-March/057003.html

Parameter	Position	Path	Description	CWE
attachment_id	query param	wp-admin/async-upload.php	WordPress media uploader vulnerability allowing remote authenticated users to read draft or private posts by modifying the attachment_id parameter.	CWE-200

29 Apr 2026 01:13Current

5.8Medium risk

Vulners AI Score5.8

CVSS 24

EPSS0.01555

cve wordpress 3.0.5 media uploader vulnerability remote access authenticated users