Description
WordPress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/.