Description
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2003-0860)
phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5173)
Drupal Core 7.x Security Bypass (7.0 - 7.90)
WordPress Plugin Shopping Cart & eCommerce Store Cross-Site Request Forgery (5.1.0)
WordPress Plugin Row Seats Core Unspecified Vulnerability (2.66)