CVE-2012-6634
WordPress < 3.3.3 - Information Disclosure and Media-Attachment Restriction Bypass via post_id Parameter
Title source: llmDescription
wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://codex.wordpress.org/Version_3.3.3
Product x_refsource_confirm
https://core.trac.wordpress.org/changeset/21087
Scores
EPSS
0.0081
EPSS Percentile
74.4%
Details
CWE
CWE-264
Status
published
Products (17)
wordpress/wordpress
3.0
wordpress/wordpress
3.0.1
wordpress/wordpress
3.0.2
wordpress/wordpress
3.0.3
wordpress/wordpress
3.0.4
wordpress/wordpress
3.0.5
wordpress/wordpress
3.0.6
wordpress/wordpress
3.1
wordpress/wordpress
3.1.1
wordpress/wordpress
3.1.2
... and 7 more
Published
Jan 21, 2014
Tracked Since
Feb 18, 2026