Description
wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.
Remediation
References
Related Vulnerabilities
Drupal Core 6.x Local File Inclusion (6.0 - 6.9)
WordPress Plugin WP Smart Security PHP Object Injection (1.0)
phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-4987)
SharePoint CVE-2021-31966 Vulnerability (CVE-2021-31966)
WordPress Plugin Podlove Podcast Publisher Multiple Vulnerabilities (2.3.15)