oss-sec mailing list archives
CVE-request: WordPress insufficient permissions verification on XMLRPC interface
From: Henri Salo <henri () nerv fi>
Date: Fri, 14 Sep 2012 15:55:54 +0300
Hello,

Please assign 2010 CVE-identifier for XML-RPC interface access restriction bypass issue in WordPress.

Description: WordPress contains a flaw related to the XML-RPC remote publishing interface. The interface fails to properly enforce access control restrictions, allowing a remote attacker to bypass restrictions and improperly edit, publish or delete posts.

References:
1. http://osvdb.org/69761
2. http://core.trac.wordpress.org/changeset/16803
3. http://secunia.com/advisories/42553/
4. http://wordpress.org/news/2010/12/wordpress-3-0-3/
5. http://codex.wordpress.org/Version_3.0.3

- Henri Salo