492 matches found

OSV
added 2020/04/30 11:15 p.m. · 4 views

UBUNTU-CVE-2020-11028

In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...

CVSS 7.5 · AI score 7.2 · EPSS 0.02334
Exploits: 0 · References: 4

Cvelist
added 2020/04/30 10:15 p.m. · 38 views

CVE-2020-11028 Unauthenticated disclosure of certain private posts in WordPress

In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...

CVSS 5.8 · AI score 7.8 · EPSS 0.02334
Exploits: 0 · References: 4

Debian CVE
added 2020/04/30 10:15 p.m. · 44 views

CVE-2020-11028

In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...

CVSS 7.5 · AI score 3.7 · EPSS 0.02334
Exploits: 0

WPVulnDB
added 2020/04/30 12:00 a.m. · 408 views

WordPress < 5.4.1 - Unauthenticated Users View Private Posts

Description This could have allowed unauthenticated users to view private posts by manipulating time and date queries...

CVSS 7.5 · AI score 6.4 · EPSS 0.02334
Exploits: 0 · References: 4

Positive Technologies
added 2020/04/30 12:00 a.m. · 12 views

PT-2020-3603 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 Description: In affected versions of WordPress, some priva...

CVSS 9.8 · AI score 7.3 · EPSS 0.4375
Exploits: 16 · References: 74

Veracode
added 2019/10/18 8:25 a.m. · 36 views

Unauthenticated Access To Restricted Resources

wordpress allows unauthenticated access to restricted resources. This vulnerability could allow unauthenticated users to view private or draft posts that would otherwise be restricted...

CVSS 5.3 · AI score 5.3 · EPSS 0.36503
Exploits: 2 · References: 9 · Affected Software: 1

wpexploit
added 2019/10/15 12:00 a.m. · 480 views

WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts

Description This vulnerability could allow an unauthenticated user to view private or draft posts due to an issue within WPQuery. http://wordpress.local/?static=1&order=asc...

CVSS 5.3 · AI score 7.3 · EPSS 0.36503
Exploits: 2 · References: 4

HackRead
added 2018/06/08 7:26 p.m. · 49 views

Facebook bug exposed private posts of 14 million users to public

By Carolina. The social media giant Facebook said on Thursday that a critical bug...

AI score 2.5
Exploits: 0

ThreatPost
added 2018/06/08 3:25 p.m. · 17 views

Facebook Software Bug Made Some Private Posts Public: 14 Million Affected

A Facebook software bug in May switched the “suggested audience” for posts to “public” for 14 million users. The glitch meant Facebook users who thought they were sharing content with just friends or small groups actually made their posts available to the general public. The incident is the...

AI score 1.2
Exploits: 0 · References: 4

Hacker One
added 2016/08/07 12:53 p.m. · 22 views

SecNews: Querying private posts and changing post meta

Summary --- Unauthenticated user can run arbitrary post queries and insert arbitrary numeric post meta via vulnerable /wp-content/themes/SecNews-NewCustom/functions/ajax.php file. I'm including two exploits in one report because the fix for both is the same, i.e. delete ajax.php. Run arbitrary po...

Exploits: 0

OSV
added 2016/05/22 1:59 a.m. · 1 views

DEBIAN-CVE-2015-5715

The mweditPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...

CVSS 4.3 · AI score 6.7 · EPSS 0.06279
Exploits: 0 · References: 1

OSV
added 2016/05/22 1:59 a.m. · 5 views

UBUNTU-CVE-2015-5715

The mweditPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...

CVSS 4.3 · AI score 6.6 · EPSS 0.06279
Exploits: 0 · References: 3

Debian CVE
added 2016/05/22 1:00 a.m. · 37 views

CVE-2015-5715

The mweditPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...

CVSS 4.3 · AI score 5.6 · EPSS 0.06279
Exploits: 0

Tenable Nessus
added 2015/12/17 12:00 a.m. · 47 views

WordPress < 4.3.1 Multiple Vulnerabilities

Binary data 9032.prm...

CVSS 6.1 · AI score 5.7 · EPSS 0.06389
Exploits: 2 · References: 6

securityvulns
added 2015/10/26 12:00 a.m. · 112 views

[SECURITY] [DSA 3375-1] wordpress security update

Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq ...

CVSS 4.3 · AI score 0.9 · EPSS 0.06389
Exploits: 2

Tenable Nessus
added 2015/10/20 12:00 a.m. · 55 views

Debian DSA-3375-1 : wordpress - security update

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. - CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. - CVE-2015-5715 A vulnerabilit...

CVSS 6.1 · AI score 5.8 · EPSS 0.06389
Exploits: 2 · References: 9

OpenVAS
added 2015/10/19 12:00 a.m. · 47 views

Debian Security Advisory DSA 3375-1 (wordpress - security update)

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. CVE-2015-5715 A vulnerability ha...

CVSS 4.3 · AI score 5.8 · EPSS 0.06389
Exploits: 2 · References: 1

ArchLinux
added 2015/09/21 12:00 a.m. · 43 views

wordpress: multiple issues

- CVE-2015-5714 (cross-site scripting): A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 (permission bypass): It has been discovered that users without proper permissions could publish private posts and make them sticky...

AI score 1.7 · EPSS 0.06389
Exploits: 2 · References: 4

Tenable Nessus
added 2015/09/17 12:00 a.m. · 151 views

WordPress < 4.3.1 Multiple Vulnerabilities

According to its version number, the WordPress application running on the remote web server is prior to 4.3.1. It is, therefore, potentially affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists when processing shortcode tags due to improper validation of...

CVSS 6.1 · AI score 6.6 · EPSS 0.06389
Exploits: 2 · References: 6

OSV
added 2012/07/22 5:55 p.m. · 3 views

DEBIAN-CVE-2012-3385

WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors...

CVSS 5 · AI score 6.6 · EPSS 0.01902
Exploits: 0 · References: 1