CVE-2011-5270 WordPress vulnerability

CWE-264 | 4 documents | 4 sources
Severity
4.0 MEDIUM (NVD)
EPSS
0.5%
top 33.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 21
Latest update: May 17

Description

wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 8.0 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/wordpress < wordpress 3.2.1+dfsg-1 (bookworm)
Debian: wordpress/wordpress < 3.2.1+dfsg-1+3
NVD: wordpress/wordpress 3.0.5+5

Patches

Vulnerability Details (2)

GHSA: GHSA-3fp5-72pm-rf42: wp-admin/press-this (2022-05-17)
OSV: CVE-2011-5270: wp-admin/press-this (2014-01-21)

Vendor Advisories (1)

Debian: CVE-2011-5270: wordpress - wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_p... (2011)
CVE-2011-5270 — Debian Wordpress vulnerability | cvebase