Description

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.

Remediation

References

CVE-2010-5106

Related Vulnerabilities

Oracle HTTP Server Other Vulnerability (CVE-2006-5350)

Apache Tomcat Cryptographic Issues Vulnerability (CVE-2011-5064)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-20033)

Drupal Credentials Management Errors Vulnerability (CVE-2009-2374)

Oracle Application Server Other Vulnerability (CVE-2007-2123)

Severity

Medium

Classification

CVE-2010-5106 CWE-264

Tags

Missing Update Known Vulnerabilities