- WordPress is prone to a security bypass vulnerability because the application fails to properly perform user-profile checks. Exploiting this issue could allow an attacker to perform otherwise restricted actions and subsequently publish posts under certain circumstances. Note that successful exploitation requires 'Contributor-level' privileges. WordPress versions prior to 3.1.2 are vulnerable.
- Update to WordPress version 3.0.6, 3.1.2, or the latest release.
- WordPress Plugin Easy Digital Downloads Cross-Site Scripting (2.3.6)
- WordPress Plugin Music Store Open Redirect (1.0.14)
- WordPress Plugin Simple Download Monitor Cross-Site Scripting (3.5.3)
- WordPress Plugin WP Business Intelligence Lite SQL Injection (1.6.1)
- WordPress Plugin Nextend Google Connect Unspecified Vulnerability (1.5.3)