Description
WordPress is prone to a security bypass vulnerability because the application fails to properly perform user-profile checks. Remote attackers with 'Author' or 'Contributor' privileges can exploit this issue to improperly edit, publish, or delete posts under certain circumstances. Successful exploitation requires the remote publishing feature to be enabled. WordPress version 3.0.2 is vulnerable; prior versions may also be affected.
Remediation
Update to WordPress version 3.0.3 or the latest version.