WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5106)

Description

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.

Remediation

References

Related Vulnerabilities

WordPress Plugin Advanced Woo Search Cross-Site Scripting (2.77)

WordPress Plugin WP Rss Poster SQL Injection (1.0.0)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-4978)

WordPress Plugin Calendar Event Multi View Security Bypass (1.4.06)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2889)

Severity

Medium

Classification

CVE-2010-5106 CWE-264

Tags

Missing Update Known Vulnerabilities