Description

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.

Remediation

References

CVE-2010-5106

Related Vulnerabilities

Oracle JRE CVE-2013-2452 Vulnerability (CVE-2013-2452)

Joomla CVE-2021-23132 Vulnerability (CVE-2021-23132)

WordPress Plugin Booking Calendar SQL Injection (6.2.2)

MySQL CVE-2020-14812 Vulnerability (CVE-2020-14812)

WordPress Plugin Log HTTP Requests Cross-Site Scripting (1.3.1)

Severity

Medium

Classification

CVE-2010-5106 CWE-264

Tags

Missing Update Known Vulnerabilities