WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-1893)

Description

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

Remediation

References

Related Vulnerabilities

WordPress Plugin Akeeba Backup CORE for WordPress Arbitrary File Upload (1.1.3)

XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-31465)

PostgreSQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2016-5424)

IBM WebSEAL Inadequate Encryption Strength Vulnerability (CVE-2019-4151)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0124)

Severity

Medium

Classification

CVE-2007-1893 CWE-264

Tags

Missing Update Known Vulnerabilities