Description

wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.

Remediation

References

CVE-2011-5270

Related Vulnerabilities

WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92)

WordPress Plugin WP-Live Chat by 3CX Security Bypass (8.0.32)

WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.5)

Python Out-of-bounds Write Vulnerability (CVE-2009-4134)

WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple Vulnerabilities (2.0.77)

Severity

Medium

Classification

CVE-2011-5270 CWE-264

Tags

Missing Update Known Vulnerabilities