wordpress

2011-04-29

Page content

Author: Miklos Vajna
Vulnerable: 3.1.1-1nexon1
Unaffected: 3.1.2-1nexon1

A security issue has been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to wp-admin/press-this.php script not properly checking a user’s permissions before publishing posts and can be exploited by users without the “publish_posts” permission. Successful exploitation requires “Contributor-level” privileges.

Bug Tracker URL: http://bugs.frugalware.org/task/4478

CVEs:

No CVE references, see http://codex.wordpress.org/Version_3.1.2