CVE-2012-6634

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 3.3.3

Description The issue allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions. This is achieved by manipulating the post id value in the wp-admin/media-upload.php file.

Recommendations For versions prior to 3.3.3, update to version 3.3.3 or later to resolve the issue.