WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-1893)

Description

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

Remediation

References

Related Vulnerabilities

WordPress Plugin WP-reCAPTCHA Cross-Site Scripting (3.1.3)

MySQL CVE-2014-0384 Vulnerability (CVE-2014-0384)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2243)

MySQL CVE-2017-3309 Vulnerability (CVE-2017-3309)

Django Improper Input Validation Vulnerability (CVE-2015-5144)

Severity

Medium

Classification

CVE-2007-1893 CWE-264

Tags

Missing Update Known Vulnerabilities