Description
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
Remediation
References