To all WordPress users out there: as you may have noticed, your WordPress dashboard now shows the option to upgrade to the latest WordPress version, 2.9.2. Before you upgrade, here is the vulnerability in the previous 2.9.x versions, as described on the official site:
Thomas Mackenzie alerted us to a problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2.
If your WordPress blog has many users, all of them, including those with the subscriber role, can access all deleted articles that have been moved to the trash. So anyone with a user account on your blog can read your trashed posts or data.
This is not good if you have more than one author or user, especially if you don't know that particular someone: he or she might be able to see your trashed posts, which may contain your drafts (for example passwords, account PINs, or too-personal blog topics which you decided not to post).
But personal blogs rarely have more than one author (right?), so you might as well stay with the current version and upgrade at the next version.