CVE-2011-3128

EPSS 1.1%

Published: 8/10/2011Modified: 5/27/2026

Description

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.

Affected packages (1)

Debian/wordpressfrom 0, < 3.2.1+dfsg-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-3128