CVE-2007-1893

Severity

49%

Complexity

44%

Confidentiality

106%

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: medium. CVSS Vector: (AV:A/AC:M/Au:S/C:P/I:P/A:P).

Overview

First reported 17 years ago

2007-04-09 20:19:00

Last updated 7 years ago

2017-07-29 01:31:00

Affected Software

WordPress

References

24751

Patch, Vendor Advisory

25108

Vendor Advisory

http://trac.wordpress.org/ticket/4091

DSA-1285

http://www.notsosecure.com/folder2/2007/04/03/wordpress-212-xmlrpc-security-issues/

ADV-2007-1245

Vendor Advisory

wordpress-xmlrpc-security-bypass(33470)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.