Description
WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.
Remediation
References
Related Vulnerabilities
Perl Out-of-bounds Write Vulnerability (CVE-2018-6913)
Apache HTTP Server CVE-2024-38476 Vulnerability (CVE-2024-38476)
WordPress Plugin Blue Wrench Video Widget Cross-Site Request Forgery (1.0.5)
WordPress Plugin WP Ad Guru Lite Cross-Site Scripting (1.6.0)
WordPress Plugin Smash Balloon Social Post Feed Unspecified Vulnerability (2.4.2)