CVE-2010-5106
N/A
N/A
Summary
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://codex.wordpress.org/Version_3.0.3
- http://openwall.com/lists/oss-security/2012/09/14/10
- http://core.trac.wordpress.org/changeset/16803
References
- http://codex.wordpress.org/Version_3.0.3
- http://openwall.com/lists/oss-security/2012/09/14/10
- http://core.trac.wordpress.org/changeset/16803
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.