Description

WordPress is prone to a security bypass vulnerability because the application fails to properly perform user-profile checks. Exploiting this issue could allow an attacker to perform otherwise restricted actions and subsequently publish posts under certain circumstances. Note that successful exploitation requires 'Contributor-level' privileges. WordPress versions prior to 3.1.2 are vulnerable.

Remediation

Update to WordPress version 3.0.6, 3.1.2 or latest

References

http://core.trac.wordpress.org/changeset/17710

http://secunia.com/advisories/44372/

Related Vulnerabilities

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4921)

WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)

WordPress Plugin Automated Content for Real Estate Multiple Unspecified Vulnerabilities (5.4.2)

WordPress Plugin Theme Test Drive Multiple Vulnerabilities (2.9)

WordPress Plugin bbPress Security Bypass (2.6.3)

Severity

High

Classification

CVE-2011-5270 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass