Description
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users with the Author or Contributor role to bypass intended access restrictions and publish, edit, or delete posts.