WordPress 'press-this.php' Remote Security Bypass Vulnerability (0.7 - 3.1.1)

Description

WordPress is prone to a security bypass vulnerability because the application fails to properly perform user-profile checks. Exploiting this issue could allow an attacker to perform otherwise restricted actions and subsequently publish posts under certain circumstances. Note that successful exploitation requires 'Contributor-level' privileges. WordPress versions prior to 3.1.2 are vulnerable.

Remediation

Update to WordPress version 3.0.6, 3.1.2, or the latest release.

Tags
  • Missing Update