Описание
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.4.2+dfsg-1 |
| esm-apps/xenial | not-affected | 3.4.2+dfsg-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [3.4.2+dfsg-1]] |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| natty | ignored | end of life |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
| quantal | not-affected | 3.4.2+dfsg-1 |
Показывать по
EPSS
4 Medium
CVSS2
Связанные уязвимости
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.
The create_post function in wp-includes/class-wp-atom-server.php in Wo ...
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.
EPSS
4 Medium
CVSS2