Описание
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
Ссылки
- Third Party Advisory
- Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
5.8 Medium
CVSS3
7.5 High
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
In affected versions of WordPress, some private posts, which were prev ...
Уязвимость метода parse_query (class-wp-query.php) системы управления содержимым сайта WordPress, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
5.8 Medium
CVSS3
7.5 High
CVSS3
4.3 Medium
CVSS2