WordPress Thrashing Authorisation Bypass


WordPress Thrashing Authorisation BypassThomas Mackenzie has reported a vulnerability affecting WordPress >=ย 2.9. Versions before 2.9 are not vulnerable.
tmacuk quote:
Since version 2.9 a new feature was implemented so that users were able to retrieve posts that they may have deleted by accident. This new feature was labelled โ€˜trashโ€™. Any posts that are placed within the trash are only viewable […]

http://feedproxy.google.com/~r/BlogSecurity/~3/G45bqg90l8g/wordpress-thrashing-authorisation-bypass