Description

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

Remediation

References

CVE-2007-1893

Related Vulnerabilities

WordPress Plugin BuddyPress Cover Arbitrary File Upload (2.1.4.2)

WebLogic CVE-2018-3213 Vulnerability (CVE-2018-3213)

WebLogic CVE-2020-14644 Vulnerability (CVE-2020-14644)

TYPO3 Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-11063)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4225)

Severity

Medium

Classification

CVE-2007-1893 CWE-264

Tags

Missing Update Known Vulnerabilities