wordpress
- Author: Miklos Vajna
- Vulnerable: 3.0.2-1haven1
- Unaffected: 3.0.3-1haven1
A security issue has been reported in WordPress that malicious users can exploit to bypass certain security restrictions. The issue arises because the XML-RPC remote publishing interface does not properly enforce access control restrictions for editing, publishing, or deleting posts. Successful exploitation requires “Author level” or “Contributor level” permissions and requires remote publishing to be enabled.
- Bug Tracker URL: http://bugs.frugalware.org/task/4387
CVEs:
- No CVE references, see http://wordpress.org/news/2010/12/wordpress-3-0-3/