Description

wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.

Remediation

References

CVE-2011-5270

Related Vulnerabilities

WordPress Plugin WP DS FAQ Plus Cross-Site Scripting (1.4.1)

WordPress Plugin Popup box SQL Injection (2.3.3)

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5383)

Apache Traffic Server CVE-2014-3525 Vulnerability (CVE-2014-3525)

Atlassian Confluence Missing Authorization Vulnerability (CVE-2019-15005)

Severity

Medium

Classification

CVE-2011-5270 CWE-264

Tags

Missing Update Known Vulnerabilities