CVE-2011-5270

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://codex.wordpress.org/Version_3.0.6 Vendor Advisory
https://core.trac.wordpress.org/changeset/17710 Exploit Patch
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:wordpress:wordpress:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:3.0:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:3.0.2:*:*:*:*:*:*:*
Information

Published : 2014-01-20 17:55

Updated : 2014-01-21 09:31

NVD link : CVE-2011-5270

Mitre link : CVE-2011-5270

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

wordpress

  • wordpress