CVE-2011-1762 — Improper Access Control in Wordpress

CWE-284 — Improper Access Control CWE-276 — Incorrect Default Permissions4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 38.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedApr 18

Latest updateApr 19

Description

A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/wordpress< wordpress 3.2.1+dfsg-1 (bookworm)

▶NVDwordpress/wordpress3.1 — 3.1.2+1

▶Debianwordpress/wordpress< 3.2.1+dfsg-1+3

▶CVEListV5wordpress/wordpresswordpress before 3.0.6 and 3.1.2

🔴Vulnerability Details

GHSA

GHSA-fp52-jqr7-7249: A flaw exists in Wordpress related to the 'wp-admin/press-this↗2022-04-19

▶

OSV

CVE-2011-1762: A flaw exists in Wordpress related to the 'wp-admin/press-this↗2022-04-18

▶

📋Vendor Advisories

Debian

CVE-2011-1762: wordpress - A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script impro...↗2011

▶