Unrated severityNVD Advisory· Published Mar 14, 2011· Updated Apr 29, 2026
CVE-2011-0701
CVE-2011-0701
Description
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.
Affected products
1- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*Range: <=3.0.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- codex.wordpress.org/Version_3.0.5nvdPatchVendor Advisory
- core.trac.wordpress.org/changeset/17393nvdPatchVendor Advisory
- www.wordpress.org/news/2011/02/wordpress-3-0-5/nvdPatchVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-March/056412.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-March/056998.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-March/057003.htmlnvdThird Party Advisory
- openwall.com/lists/oss-security/2011/02/08/7nvdMailing ListThird Party Advisory
- openwall.com/lists/oss-security/2011/02/09/13nvdMailing ListThird Party Advisory
- secunia.com/advisories/43729nvdThird Party Advisory
- www.debian.org/security/2011/dsa-2190nvdThird Party Advisory
- www.securityfocus.com/bid/46249nvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2011/0658nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0721nvdThird Party Advisory
News mentions
0No linked articles in our index yet.