Description
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-3628)
WordPress 2.0.5 Invalid CSRF Token Cross-Site Scripting Vulnerability (0.6.2 - 2.0.5)
WordPress Plugin Bannerlid Cross-Site Scripting (1.1.0)
WordPress Plugin Pay With Tweet SQL Injection and Cross-Site Scripting Vulnerabilities (1.1)
WordPress Plugin Justified Gallery Cross-Site Scripting (1.7.0)