Description
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
Remediation
References
Related Vulnerabilities
WordPress Plugin Video.js-HTML5 Video Player for Wordpress Cross-Site Scripting (3.2.3)
WordPress Plugin Powerplay Gallery Multiple Vulnerabilities (3.3)
WordPress Plugin BuddyPress Edit Activity Cross-Site Scripting (1.0.5)
WordPress Plugin Map Block for Google Maps Unspecified Vulnerability (1.31)