Description
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress for Google Maps-WP MAPS Cross-Site Request Forgery (4.0.9)
MySQL CVE-2019-2815 Vulnerability (CVE-2019-2815)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31549)
WordPress Plugin Nelio AB Testing Directory Traversal (4.4.4)
WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Security Bypass (4.16)