First published: Mon Aug 03 2015(Updated: )
WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress WordPress | <=4.2.2 | |
Debian Debian Linux | =8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.