Description
WordPress is prone to a security bypass vulnerability because the application fails to properly perform user-profile checks. Exploiting this issue could allow an attacker to perform otherwise restricted actions and subsequently publish posts under certain circumstances. Note that successful exploitation requires 'Contributor-level' privileges. WordPress versions prior to 3.1.2 are vulnerable.
Remediation
Update to WordPress version 3.0.6, 3.1.2, or the latest release.