CVE-2012-3385

Description

WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.

How to fix CVE-2012-3385

To remediate CVE-2012-3385, upgrade the affected package to a fixed version below.

• Debian/wordpress—upgrade to 3.4.1+dfsg-1 or later

Is CVE-2012-3385 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 3.4.1+dfsg-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-3385