CVE-2010-5106 Information

Description

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities which allows remote authenticated users to bypass intended access restrictions and publish edit or delete posts by leveraging the Author or Contributor role.

Reference

http://codex.wordpress.org/Version_3.0.3 http://core.trac.wordpress.org/changeset/16803 http://openwall.com/lists/oss-security/2012/09/14/10