CVE-2011-1762
First published: Mon Apr 18 2022(Updated: )
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress WordPress | >=3.1<3.1.2 | |
| WordPress WordPress | <3.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this flaw in Wordpress?
The vulnerability ID for this flaw in Wordpress is CVE-2011-1762.
What is the root cause of the vulnerability?
The root cause of this vulnerability is the improper checking of user permissions in the 'wp-admin/press-this.php' script.
Who is affected by this vulnerability?
Users of Wordpress versions 3.1 to 3.1.2 and versions 3.0.6 and earlier are affected by this vulnerability.
What can an attacker do with this vulnerability?
An attacker with 'Contributor-level' privileges can post as if they had 'publish_posts' permission, allowing them to publish posts.
How can this vulnerability be fixed?
To fix this vulnerability, users should update to a patched version of Wordpress (3.1.3 or later for affected versions 3.1 to 3.1.2, and 3.0.7 or later for affected versions 3.0.6 and earlier).
- agent/type
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/wordpress
- canonical/wordpress wordpress
- version/wordpress wordpress/3.1