CVE-2014-0165Wordpress vulnerability

CWE-2647 documents5 sources
Severity
4.0MEDIUMNVD
EPSS
0.5%
top 33.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedApr 10
Latest updateMay 17

Description

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/wordpress< wordpress 3.8.2+dfsg-1 (bookworm)
Debianwordpress/wordpress< 3.8.2+dfsg-1+3
NVDwordpress/wordpress3.7.1+94

🔴Vulnerability Details

2
GHSA
GHSA-hhj8-hj4j-7q6w: WordPress before 32022-05-17
OSV
CVE-2014-0165: WordPress before 32014-04-10

📋Vendor Advisories

1
Debian
CVE-2014-0165: wordpress - WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users ...2014

💬Community

3
Bugzilla
CVE-2014-0166 CVE-2014-0165 wordpress: various flaws [fedora-all]2014-04-09
Bugzilla
CVE-2014-0165 wordpress: privilege escalation issue allowing contributors to publish posts2014-04-09
Bugzilla
CVE-2014-0166 CVE-2014-0165 wordpress: various flaws [epel-all]2014-04-09
CVE-2014-0165 — Debian Wordpress vulnerability | cvebase