WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Wordpress | Wordpress | 2.9 (including) | 2.9 (including) |
Wordpress | Wordpress | 2.9.1 (including) | 2.9.1 (including) |
Wordpress | Wordpress | 2.9.1-beta1 (including) | 2.9.1-beta1 (including) |
Wordpress | Wordpress | 2.9.1-rc1 (including) | 2.9.1-rc1 (including) |