WordPress 2.9 - Failure to Restrict URL Access

Description When WordPress implemented the new Trash feature they failed to change the permissions granted when the post is in the trash. This means that an unauthenticated user cannot see the post, however an authenticated user can, no matter what privileges they have, even ‘subscriber’. See...

WordPress 2.9 - Failure to Restrict URL Access

No description provided by source. WordPress = 2.9 Failure to Restrict URL Access http://www.thomasmackenzie.co.uk/ 1. Advisory Information Title: WordPress = 2.9 Failure to Restrict URL Access Date published: 2. Vulnerability Information Class: Failure to Restrict URL Access Remotely Exploitable...