Description

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.

Remediation

References

CVE-2014-0165

Related Vulnerabilities

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5270)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503)

WordPress Plugin Are You a Human-The Fun Spam Blocker Cross-Site Scripting (1.4.32)

PHP Other Vulnerability (CVE-2015-6832)

PHP Out-of-bounds Read Vulnerability (CVE-2017-9118)

Severity

Medium

Classification

CVE-2014-0165 CWE-264

Tags

Missing Update Known Vulnerabilities