4.9

CVE-2007-1893

WordPress Core < 2.1.3 - Authorization Bypass

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
Mögliche Gegenmaßnahme
WordPress: Update to version 2.1.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version <= 2.1.2
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version *-2.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.17% 0.632
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 4.4 6.4
AV:A/AC:M/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/25108
Vendor Advisory
http://www.debian.org/security/2007/dsa-1285
http://secunia.com/advisories/24751
Patch
Vendor Advisory
http://trac.wordpress.org/ticket/4091
http://www.notsosecure.com/folder2/2007/04/03/wordpress-212-xmlrpc-security-issues/
http://www.vupen.com/english/advisories/2007/1245
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33470
https://www.wordfence.com/threat-intel/vulnerabilities/id/292be50c-6eab-4462-b46c-c7763e8aa223
Third Party Advisory