6.5
CVE-2010-5106
- EPSS 2.18%
- Veröffentlicht 14.09.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:26:09
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
WordPress Core < 3.0.3 - Access Control Bypass
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.
Mögliche Gegenmaßnahme
WordPress: Update to version 3.0.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
*-3.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.18% | 0.8 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
http://codex.wordpress.org/Version_3.0.3
http://core.trac.wordpress.org/changeset/16803
http://openwall.com/lists/oss-security/2012/09/14/10
https://www.wordfence.com/threat-intel/vulnerabilities/id/0eff89a8-07b7-49fc-b68d-9efd87fcac3c