Description

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

Remediation

References

CVE-2007-1893

Related Vulnerabilities

WordPress Plugin HDW WordPress Video Gallery Multiple Cross-Site Scripting Vulnerabilities (1.2)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2244)

WordPress Plugin WP User Frontend Arbitrary File Upload (2.3.10)

Oracle Database Server CVE-2011-0880 Vulnerability (CVE-2011-0880)

WordPress Plugin DB Backup Directory Traversal (4.5)

Severity

Medium

Classification

CVE-2007-1893 CWE-264

Tags

Missing Update Known Vulnerabilities