CVE-2011-5270
WordPress < 3.0.6 - Authenticated Unauthorized Post Publishing via press-this.php
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
References (2)
Core References
Exploit, Patch (x_refsource_confirm): https://core.trac.wordpress.org/changeset/17710
Vendor Advisory (x_refsource_confirm): http://codex.wordpress.org/Version_3.0.6
Scores
EPSS: 0.0051
EPSS Percentile: 66.5%
Details
CWE: CWE-264
Status: published
Products (6)
wordpress/wordpress 3.0
wordpress/wordpress 3.0.1
wordpress/wordpress 3.0.2
wordpress/wordpress 3.0.3
wordpress/wordpress 3.0.4
wordpress/wordpress < 3.0.5
Published: Jan 21, 2014
Tracked Since: Feb 18, 2026