Description

wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.

Remediation

References

CVE-2013-4340

Related Vulnerabilities

WordPress Plugin Maintenance Cross-Site Scripting (4.02)

WordPress Plugin DukaPress SQL Injection (2.5.9)

WordPress Plugin WP Job Manager Privilege Escalation (1.34.3)

WordPress Plugin Download Monitor Cross-Site Scripting (1.7.0)

MediaWiki CVE-2023-37303 Vulnerability (CVE-2023-37303)

Severity

Low

Classification

CVE-2013-4340 CWE-264

Tags

Missing Update Known Vulnerabilities