CVE-2010-5106 Information
Share on:
Feb 14, 2021
cve
Description
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities which allows remote authenticated users to bypass intended access restrictions and publish edit or delete posts by leveraging the Author or Contributor role.
Reference
http://codex.wordpress.org/Version_3.0.3 http://core.trac.wordpress.org/changeset/16803 http://openwall.com/lists/oss-security/2012/09/14/10