Description

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.

Remediation

References

CVE-2010-5106

Related Vulnerabilities

WordPress Plugin Our Team Showcase Cross-Site Request Forgery (1.2)

WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1324)

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Security Bypass (4.2.12)

IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2016-0219)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3727)

Severity

Medium

Classification

CVE-2010-5106 CWE-264

Tags

Missing Update Known Vulnerabilities