CVE-2011-0701

EPSS 1.6%

Published: 3/14/2011Modified: 5/27/2026

Description

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.

Affected packages (1)

Debian/wordpressfrom 0, < 3.0.5+dfsg-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-0701