Description

WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.

Remediation

References

CVE-2013-2200

Related Vulnerabilities

MySQL CVE-2018-3056 Vulnerability (CVE-2018-3056)

Oracle Database Server CVE-2009-3415 Vulnerability (CVE-2009-3415)

MySQL CVE-2020-14654 Vulnerability (CVE-2020-14654)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-3376)

WordPress Plugin YITH WooCommerce Product Add-Ons Security Bypass (1.5.21)

Severity

Medium

Classification

CVE-2013-2200 CWE-264

Tags

Missing Update Known Vulnerabilities