CVE-2007-1893
WordPress < 2.1.2 - Authenticated Post Publishing Privilege Escalation via XML-RPC
Title source: llmDescription
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
References (7)
Core 7
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1245
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25108
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33470
Product x_refsource_confirm
http://trac.wordpress.org/ticket/4091
Various Sources x_refsource_misc
http://www.notsosecure.com/folder2/2007/04/03/wordpress-212-xmlrpc-security-issues/
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24751
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1285
Scores
EPSS
0.0023
EPSS Percentile
46.0%
Details
CWE
CWE-264
Status
published
Products (1)
wordpress/wordpress
< 2.1.2
Published
Apr 09, 2007
Tracked Since
Feb 18, 2026