Vulnerability Details :

CVE-2010-0682

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Feb, 2010 | 20:00
Updated At-07 Aug, 2024 | 00:59
Rejected At-

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Feb, 2010 | 20:00
Updated At:07 Aug, 2024 | 00:59
Rejected At:
▼CVE Numbering Authority (CNA)

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.

Affected Products
Vendor: n/a
Product: n/a
Versions Affected: n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html
Resource: vendor-advisory, x_refsource_FEDORA
Hyperlink: http://tmacuk.co.uk/?p=180
Resource: x_refsource_MISC
Hyperlink: http://wordpress.org/development/2010/02/wordpress-2-9-2/
Resource: x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/42871
Resource: third-party-advisory, x_refsource_SECUNIA
Hyperlink: http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security/
Resource: x_refsource_MISC
Hyperlink: https://core.trac.wordpress.org/ticket/11236
Resource: x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/38592
Resource: third-party-advisory, x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html
Resource: vendor-advisory, x_refsource_FEDORA
Hyperlink: http://www.osvdb.org/62330
Resource: vdb-entry, x_refsource_OSVDB
▼Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html
Resource: vendor-advisory, x_refsource_FEDORA, x_transferred
Hyperlink: http://tmacuk.co.uk/?p=180
Resource: x_refsource_MISC, x_transferred
Hyperlink: http://wordpress.org/development/2010/02/wordpress-2-9-2/
Resource: x_refsource_CONFIRM, x_transferred
Hyperlink: http://secunia.com/advisories/42871
Resource: third-party-advisory, x_refsource_SECUNIA, x_transferred
Hyperlink: http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security/
Resource: x_refsource_MISC, x_transferred
Hyperlink: https://core.trac.wordpress.org/ticket/11236
Resource: x_refsource_CONFIRM, x_transferred
Hyperlink: http://secunia.com/advisories/38592
Resource: third-party-advisory, x_refsource_SECUNIA, x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html
Resource: vendor-advisory, x_refsource_FEDORA, x_transferred
Hyperlink: http://www.osvdb.org/62330
Resource: vdb-entry, x_refsource_OSVDB, x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Feb, 2010 | 20:30
Updated At:11 Apr, 2025 | 00:51

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches

WordPress.org >> wordpress >> 2.9
cpe:2.3:a:wordpress:wordpress:2.9:*:*:*:*:*:*:*
WordPress.org >> wordpress >> 2.9.1
cpe:2.3:a:wordpress:wordpress:2.9.1:*:*:*:*:*:*:*
WordPress.org >> wordpress >> 2.9.1
cpe:2.3:a:wordpress:wordpress:2.9.1:beta1:*:*:*:*:*:*
WordPress.org >> wordpress >> 2.9.1
cpe:2.3:a:wordpress:wordpress:2.9.1:rc1:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/38592
Source: cve@mitre.org
Resource: Vendor Advisory
Hyperlink: http://secunia.com/advisories/42871
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://tmacuk.co.uk/?p=180
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://wordpress.org/development/2010/02/wordpress-2-9-2/
Source: cve@mitre.org
Resource: Patch, Vendor Advisory
Hyperlink: http://www.osvdb.org/62330
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://core.trac.wordpress.org/ticket/11236
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/38592
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Vendor Advisory
Hyperlink: http://secunia.com/advisories/42871
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://tmacuk.co.uk/?p=180
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://wordpress.org/development/2010/02/wordpress-2-9-2/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch, Vendor Advisory
Hyperlink: http://www.osvdb.org/62330
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://core.trac.wordpress.org/ticket/11236
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A


Similar CVEs

7 Records found

CVE-2006-6016
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5 (MEDIUM)
EPSS-0.60% / 68.55%
7 Day CHG~0.00%
Published-21 Nov, 2006 | 23:00
Updated-03 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

Action-Not Available
Vendor-n/a, WordPress.org
Product-wordpress, n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2012-6635
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4 (MEDIUM)
EPSS-0.87% / 74.32%
7 Day CHG~0.00%
Published-21 Jan, 2014 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.

Action-Not Available
Vendor-n/a, WordPress.org
Product-wordpress, n/a
CVE-2017-14990
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5 (MEDIUM)
EPSS-0.28% / 50.88%
7 Day CHG+0.01%
Published-02 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).

Action-Not Available
Vendor-n/a, Debian GNU/Linux, WordPress.org
Product-wordpress, debian_linux, n/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2011-0701
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4 (MEDIUM)
EPSS-1.01% / 76.19%
7 Day CHG~0.00%
Published-14 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.

Action-Not Available
Vendor-n/a, WordPress.org
Product-wordpress, n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-29447
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.1 (HIGH)
EPSS-88.73% / 99.49%
7 Day CHG+0.85%
Published-15 Apr, 2021 | 21:10
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Authenticated XXE attack when installation is running PHP 8

Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.

Action-Not Available
Vendor-WordPress, Debian GNU/Linux, WordPress.org
Product-wordpress, debian_linux, wordpress-develop
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2016-10148
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3 (MEDIUM)
EPSS-0.42% / 61.18%
7 Day CHG~0.00%
Published-18 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.

Action-Not Available
Vendor-n/a, WordPress.org
Product-wordpress, n/a
CWE ID-CWE-284
Improper Access Control
CVE-2021-29450
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.5 (MEDIUM)
EPSS-1.59% / 80.92%
7 Day CHG~0.00%
Published-15 Apr, 2021 | 21:20
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Authenticated disclosure of password-protected posts and pages

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

Action-Not Available
Vendor-WordPress, Debian GNU/Linux, WordPress.org
Product-wordpress, debian_linux, wordpress-develop
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor