Description

WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.

Remediation

References

CVE-2013-2200

Related Vulnerabilities

phpMyAdmin Other Vulnerability (CVE-2006-2031)

WordPress Plugin WP eCommerce Security Bypass (3.8.14.3)

GeoServer CVE-2023-35042 Vulnerability (CVE-2023-35042)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5249)

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2370)

Severity

Medium

Classification

CVE-2013-2200 CWE-264

Tags

Missing Update Known Vulnerabilities