CVE-2015-5715 — Wordpress vulnerability

CWE-2648 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

28.5%

top 3.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedMay 22

Latest updateMay 17

Description

The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 4.3.1+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 4.3.1+dfsg-1+3

▶NVDwordpress/wordpress4.3.0

Patches

Patch: codex.wordpress.org ↗Patch: github.com ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-vc9p-pxc7-xfc8: The mw_editPost function in wp-includes/class-wp-xmlrpc-server↗2022-05-17

▶

OSV

CVE-2015-5715: The mw_editPost function in wp-includes/class-wp-xmlrpc-server↗2016-05-22

▶

📋Vendor Advisories

WordPress

WordPress 4.3.1 Security and Maintenance Release↗2015-09-15

▶

Debian

CVE-2015-5715: wordpress - The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC...↗2015

▶

💬Community

Bugzilla

CVE-2015-5714 CVE-2015-5715 CVE-2015-7989 wordpress: XSS and permission issue fixed in wordpress 4.3.1 [fedora-all]↗2015-09-16

▶

Bugzilla

CVE-2015-5714 CVE-2015-5715 CVE-2015-7989 wordpress: XSS and permission issue fixed in wordpress 4.3.1 [epel-all]↗2015-09-16

▶

Bugzilla

CVE-2015-5714 CVE-2015-5715 CVE-2015-7989 wordpress: XSS and permission issue fixed in wordpress 4.3.1↗2015-09-16

▶