Description

WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.

Remediation

References

CVE-2013-2200

Related Vulnerabilities

WordPress Plugin aoringo LOG maker Cross-Site Scripting (0.1.3)

WordPress Plugin WP Munich Blocks-Gutenberg Blocks for WordPress Security Bypass (0.7.2)

WordPress Plugin Auto Featured Image Arbitrary File Upload (1.2)

WordPress Plugin Multisite Plugin Manager Multiple Cross-Site Scripting Vulnerabilities (3.1.1)

Oracle JRE CVE-2024-20945 Vulnerability (CVE-2024-20945)

Severity

Medium

Classification

CVE-2013-2200 CWE-264

Tags

Missing Update Known Vulnerabilities