Vulnerability Database

296,822

Total vulnerabilities in the database

CVE-2011-0701

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.

  • Published: Mar 14, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-0701
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
WordPress / wordpress - 3.0.4.x