CVE-2013-2200Wordpress vulnerability

CWE-2647 documents5 sources
Severity
4.0MEDIUMNVD
EPSS
1.4%
top 19.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedJul 8
Latest updateMay 17

Description

WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/wordpress< wordpress 3.5.2+dfsg-1 (bookworm)
Debianwordpress/wordpress< 3.5.2+dfsg-1+3
NVDwordpress/wordpress3.5.1+74

🔴Vulnerability Details

2
GHSA
GHSA-7vv5-9f8v-qq6f: WordPress before 32022-05-17
OSV
CVE-2013-2200: WordPress before 32013-07-08

📋Vendor Advisories

1
Debian
CVE-2013-2200: wordpress - WordPress before 3.5.2 does not properly check the capabilities of roles, which ...2013

💬Community

3
Bugzilla
CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version [epel-all]2013-06-22
Bugzilla
CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version [fedora-all]2013-06-22
Bugzilla
CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version2013-06-21
CVE-2013-2200 — Debian Wordpress vulnerability | cvebase