Description
WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.
Remediation
References
Related Vulnerabilities
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)
Django Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0696)
Jenkins Missing Authorization Vulnerability (CVE-2024-43045)
WordPress Plugin WP Advanced Comment Cross-Site Scripting (0.10)
SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1210)