Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-1893)

Description

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

Remediation

References

Related Vulnerabilities

WordPress Plugin LearnPress-WordPress LMS Multiple Cross-Site Scripting Vulnerabilities (4.1.3)

WordPress Plugin WP Logs Book Cross-Site Scripting (1.0.1)

Jboss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3518)

PHP Out-of-bounds Read Vulnerability (CVE-2019-9024)

WordPress Plugin All-in-One WP Migration Cross-Site Scripting (7.62)

Severity

Medium

Classification

CVE-2007-1893 CWE-264

Tags

Missing Update Known Vulnerabilities