Description

wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.

Remediation

References

CVE-2011-5270

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4279)

WordPress Plugin AIT Themes-CSV Import/Export Arbitrary File Upload (3.0.3)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4642)

silverstripeCMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6789)

Atlassian Confluence Incorrect Authorization Vulnerability (CVE-2023-22518)

Severity

Medium

Classification

CVE-2011-5270 CWE-264

Tags

Missing Update Known Vulnerabilities