Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
patchstackTmacukPATCHSTACK:78061786134DA7F8AF2668BCE780C4E4
HistoryFeb 13, 2010 - 12:00 a.m.

WordPress 2.9 - Failure to Restrict URL Access

2010-02-1300:00:00
tmacuk
patchstack.com
5

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON

A new feature, called “Trash”, was implemented so that users were able to retrieve posts that they may have deleted by accident. Any posts that are placed within the trash are viewable by authenticated users, no matter what privileges they have.

Solution

           Update the WordPress, because since version 2.9

Usually the only protection for a URL is that links to that page are not presented to unauthorized users. But that kind of security is not enough to protect sensitive functions and data. You need to performe access control checks before a request to a function is granted. It will ensure that you are authorized to access that function.

CPENameOperatorVersion
wordpresseq2.9
wordpresseq2.9.1

Related

nvd 1
ubuntucve 1
debiancve 1
cve 1
openvas 7
wpvulndb 1
cvelist 1
prion 1
nessus 2
fedora 2
nvd
nvd
CVE-2010-0682
2010-02-23 20:30:00
ubuntucve
ubuntucve
CVE-2010-0682
2010-02-23 00:00:00
debiancve
debiancve
CVE-2010-0682
2010-02-23 20:30:00
cve
cve
CVE-2010-0682
2010-02-23 20:30:00
openvas
openvas
WordPress Trashed Posts Information Disclosure Vulnerability
2010-02-24 00:00:00
Fedora Update for wordpress-mu FEDORA-2010-19329
2011-01-11 00:00:00
Fedora Update for wordpress-mu FEDORA-2010-19329
2011-01-11 00:00:00
wpvulndb
wpvulndb
WordPress 2.9 - Failure to Restrict URL Access
2014-08-01 00:00:00
cvelist
cvelist
CVE-2010-0682
2010-02-23 20:00:00
prion
prion
Design/Logic Flaw
2010-02-23 20:30:00
nessus
nessus
Fedora 14 : wordpress-mu-2.9.2-2.fc14 (2010-19329)
2011-01-10 00:00:00
Fedora 13 : wordpress-mu-2.9.2-2.fc13 (2010-19330)
2011-01-10 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: wordpress-mu-2.9.2-2.fc14
2011-01-08 21:30:20
[SECURITY] Fedora 13 Update: wordpress-mu-2.9.2-2.fc13
2011-01-08 21:27:32

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON
Related for PATCHSTACK:78061786134DA7F8AF2668BCE780C4E4
nvd1ubuntucve1debiancve1cve1openvas7wpvulndb1cvelist1prion1nessus2fedora2