What is the severity of CVE-2010-5106?

CVE-2010-5106 has a high severity rating as it allows unauthorized publishing and editing of posts by exploiting a capability check flaw.

How do I fix CVE-2010-5106?

To fix CVE-2010-5106, upgrade to WordPress version 3.0.3 or later, which includes the necessary security patch.

Which versions of WordPress are affected by CVE-2010-5106?

CVE-2010-5106 affects multiple versions of WordPress, specifically all versions prior to 3.0.3.

What types of attacks can CVE-2010-5106 enable?

CVE-2010-5106 can enable attacks that allow unauthorized users to publish, edit, or delete posts on WordPress sites.

Who is impacted by CVE-2010-5106?

Users with the Author or Contributor role on WordPress sites prior to version 3.0.3 are impacted by CVE-2010-5106.

Vulnerability/
CVE-2010-5106

medium

6.5

CWE

264

14/9/2012

17/9/2012

CVE-2010-5106

First published: Fri Sep 14 2012(Updated: )

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
WordPress	=2.8.5.2
WordPress	=1.2.3
WordPress	=2.0.11
WordPress	=1.3.3
WordPress	=2.8.6
WordPress	=2.0
WordPress	=2.1.1
WordPress	=2.2.3
WordPress	=2.0.2
WordPress	=2.1
WordPress	=1.1.1
WordPress	=1.2.4
WordPress	=2.0.6
WordPress	=2.0.1
WordPress	=2.8.4
WordPress	=2.0.4
WordPress	=2.2
WordPress	=1.2.1
WordPress	=2.1.3
WordPress	=1.3.2
WordPress	=3.0
WordPress	=2.8
WordPress	=2.0.7
WordPress	=2.1.2
WordPress	=3.0.1
WordPress	=1.2.5-a
WordPress	=2.7.1
WordPress	=0.71
WordPress	=2.6.3
WordPress	=2.0.5
WordPress	=2.8.3
WordPress	<=3.0.2
WordPress	=2.8.4-a
WordPress	=2.6.5
WordPress	=2.2.2
WordPress	=2.3.3
WordPress	=1.5.1.1
WordPress	=2.0.9
WordPress	=2.8.1
WordPress	=2.2.1
WordPress	=2.7
WordPress	=1.5.2
WordPress	=1.0.1
WordPress	=2.6.2
WordPress	=2.9
WordPress	=2.3.1
WordPress	=1.0.2
WordPress	=2.5.1
WordPress	=2.6.1
WordPress	=1.5.1.2
WordPress	=1.2
WordPress	=2.8.5.1
WordPress	=2.9.2
WordPress	=2.5
WordPress	=1.2.2
WordPress	=2.0.10
WordPress	=2.9.1
WordPress	=1.0
WordPress	=1.5
WordPress	=2.8.2
WordPress	=1.5.1
WordPress	=1.2.5
WordPress	=1.5.1.3
WordPress	=2.9.1.1
WordPress	=2.3.2
WordPress	=1.3
WordPress	=2.6
WordPress	=2.8.5
WordPress	=2.0.8
WordPress	=2.3

Remedy

http://core.trac.wordpress.org/changeset/16803

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-5106?
CVE-2010-5106 has a high severity rating as it allows unauthorized publishing and editing of posts by exploiting a capability check flaw.
How do I fix CVE-2010-5106?
To fix CVE-2010-5106, upgrade to WordPress version 3.0.3 or later, which includes the necessary security patch.
Which versions of WordPress are affected by CVE-2010-5106?
CVE-2010-5106 affects multiple versions of WordPress, specifically all versions prior to 3.0.3.
What types of attacks can CVE-2010-5106 enable?
CVE-2010-5106 can enable attacks that allow unauthorized users to publish, edit, or delete posts on WordPress sites.
Who is impacted by CVE-2010-5106?
Users with the Author or Contributor role on WordPress sites prior to version 3.0.3 are impacted by CVE-2010-5106.

agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/remedy
agent/references
agent/weakness
agent/author
agent/severity
agent/tags
agent/event
agent/description
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/wordpress
canonical/wordpress
version/wordpress/2.8.5.2
version/wordpress/1.2.3
version/wordpress/2.0.11
version/wordpress/1.3.3
version/wordpress/2.8.6
version/wordpress/2.0
version/wordpress/2.1.1
version/wordpress/2.2.3
version/wordpress/2.0.2
version/wordpress/2.1
version/wordpress/1.1.1
version/wordpress/1.2.4
version/wordpress/2.0.6
version/wordpress/2.0.1
version/wordpress/2.8.4
version/wordpress/2.0.4
version/wordpress/2.2
version/wordpress/1.2.1
version/wordpress/2.1.3
version/wordpress/1.3.2
version/wordpress/3.0
version/wordpress/2.8
version/wordpress/2.0.7
version/wordpress/2.1.2
version/wordpress/3.0.1
version/wordpress/1.2.5-a
version/wordpress/2.7.1
version/wordpress/0.71
version/wordpress/2.6.3
version/wordpress/2.0.5
version/wordpress/2.8.3
version/wordpress/3.0.2
version/wordpress/2.8.4-a
version/wordpress/2.6.5
version/wordpress/2.2.2
version/wordpress/2.3.3
version/wordpress/1.5.1.1
version/wordpress/2.0.9
version/wordpress/2.8.1
version/wordpress/2.2.1
version/wordpress/2.7
version/wordpress/1.5.2
version/wordpress/1.0.1
version/wordpress/2.6.2
version/wordpress/2.9
version/wordpress/2.3.1
version/wordpress/1.0.2
version/wordpress/2.5.1
version/wordpress/2.6.1
version/wordpress/1.5.1.2
version/wordpress/1.2
version/wordpress/2.8.5.1
version/wordpress/2.9.2
version/wordpress/2.5
version/wordpress/1.2.2
version/wordpress/2.0.10
version/wordpress/2.9.1
version/wordpress/1.0
version/wordpress/1.5
version/wordpress/2.8.2
version/wordpress/1.5.1
version/wordpress/1.2.5
version/wordpress/1.5.1.3
version/wordpress/2.9.1.1
version/wordpress/2.3.2
version/wordpress/1.3
version/wordpress/2.6
version/wordpress/2.8.5
version/wordpress/2.0.8
version/wordpress/2.3