First published: Tue Jan 21 2014(Updated: )
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress WordPress | <=3.0.5 | |
WordPress WordPress | =3.0 | |
WordPress WordPress | =3.0.1 | |
WordPress WordPress | =3.0.2 | |
WordPress WordPress | =3.0.3 | |
WordPress WordPress | =3.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.