Description

WordPress is prone to a security bypass vulnerability because the application fails to properly perform user-profile checks. Remote attackers with 'Author' and 'Contributor' privileges can exploit this issue to improperly edit, publish, or delete posts under certain circumstances. Note that successful exploitation requires the application to be enabled with the remote publishing feature. WordPress version 3.0.2 is vulnerable; prior versions may also be affected.

Remediation

Update to WordPress version 3.0.3 or latest

References

http://www.securityfocus.com/bid/45299/

http://secunia.com/advisories/42553/

https://wordpress.org/news/2010/12/wordpress-3-0-3/

Related Vulnerabilities

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-0958)

WordPress Plugin WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection-StopBadBots SQL Injection (6.59)

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0457)

Grafana Incorrect Authorization Vulnerability (CVE-2022-31107)

MediaWiki Improper Input Validation Vulnerability (CVE-2017-8814)

Severity

High

Classification

CVE-2010-5106 CWE-264 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass