CVE-2014-0165 Information

Description

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.

Reference

http://codex.wordpress.org/Version_3.7.2 http://codex.wordpress.org/Version_3.8.2 http://core.trac.wordpress.org/changeset/27976 http://www.debian.org/security/2014/dsa-2901 https://bugzilla.redhat.com/show_bug.cgi?id=1085866