6.5
CVE-2011-1762
- EPSS 0.7%
- Veröffentlicht 18.04.2022 17:15:11
- Zuletzt bearbeitet 21.11.2024 01:26:59
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
WordPress Core < 3.1.2 - Incorrect Authorization for Contributor-level users
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.
Mögliche Gegenmaßnahme
WordPress: Update to version 3.1.2, or a newer patched version
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.7% | 0.488 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://wordpress.org/support/wordpress-version/version-3-1-2/
https://www.wordfence.com/threat-intel/vulnerabilities/id/c248606f-2d79-46c1-8975-e111b9118ceb