wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Wordpress |
Wordpress |
* |
2.0.4 (including) |
References