CVE-2012-6635
WordPress < 3.3.3 - Authenticated Information Disclosure via Draft Excerpt Access
Title source: llmDescription
wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.
References (2)
Core 2
Core References
Product x_refsource_confirm
https://core.trac.wordpress.org/changeset/21086
Vendor Advisory x_refsource_confirm
http://codex.wordpress.org/Version_3.3.3
Scores
EPSS
0.0069
EPSS Percentile
72.0%
Details
CWE
CWE-264
Status
published
Products (17)
wordpress/wordpress
3.0
wordpress/wordpress
3.0.1
wordpress/wordpress
3.0.2
wordpress/wordpress
3.0.3
wordpress/wordpress
3.0.4
wordpress/wordpress
3.0.5
wordpress/wordpress
3.0.6
wordpress/wordpress
3.1
wordpress/wordpress
3.1.1
wordpress/wordpress
3.1.2
... and 7 more
Published
Jan 21, 2014
Tracked Since
Feb 18, 2026