Description
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
Remediation
References