Description
WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.
Remediation
References
Related Vulnerabilities
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3433)
WordPress Plugin WP Super Cache Cross-Site Scripting (1.7.2)
WordPress Plugin Video Comments Webcam Recorder Cross-Site Scripting (1.55)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0346)