CVE-2012-3385

WordPress < 3.4.1 - Unauthenticated Sensitive Information Exposure via Post Content Access

Title source: llm
STIX 2.1

Description

WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.

References (3)

Core 3
Core References
Product x_refsource_confirm
http://codex.wordpress.org/Version_3.4.1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/07/08/1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/07/02/1

Scores

EPSS 0.0067
EPSS Percentile 71.5%

Details

CWE
CWE-264
Status published
Products (49)
wordpress/wordpress 0.71
wordpress/wordpress 1.0
wordpress/wordpress 1.0.1
wordpress/wordpress 1.0.2
wordpress/wordpress 1.1.1
wordpress/wordpress 1.2
wordpress/wordpress 1.2.1
wordpress/wordpress 1.2.2
wordpress/wordpress 1.2.3
wordpress/wordpress 1.2.4
... and 39 more
Published Jul 22, 2012
Tracked Since Feb 18, 2026