CVE-2007-1893 — Wordpress vulnerability

CWE-2645 documents5 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 59.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedApr 9

Latest updateMay 1

Description

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 4.4 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 2.1.3-1 (bookworm)

▶Debianwordpress/wordpress< 2.1.3-1+3

▶NVDwordpress/wordpress2.1.2

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-v744-f96h-39q4: xmlrpc (xmlrpc↗2022-05-01

▶

OSV

CVE-2007-1893: xmlrpc (xmlrpc↗2007-04-09

▶

📋Vendor Advisories

Debian

CVE-2007-1893: wordpress - xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote auth...↗2007

▶

💬Community

Bugzilla

CVE-2007-1893, CVE-2007-1897: wordpress < 2.1.3 issues↗2007-04-10

▶