2010-02-23 20:00:00
mitre
PUBLISHED
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.