CVE-2014-0165

WordPress < 3.7.2 and 3.8.x < 3.8.2 - Authenticated Post Publication via Contributor Role

Title source: llm
STIX 2.1

Description

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.

References (5)

Core 5
Core References
Vendor Advisory x_refsource_confirm
http://codex.wordpress.org/Version_3.7.2
Vendor Advisory x_refsource_confirm
http://codex.wordpress.org/Version_3.8.2
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2901
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1085866

Scores

EPSS 0.0087
EPSS Percentile 75.5%

Details

CWE
CWE-264
Status published
Products (49)
wordpress/wordpress 0.71
wordpress/wordpress 1.0
wordpress/wordpress 1.0.1
wordpress/wordpress 1.0.2
wordpress/wordpress 1.1.1
wordpress/wordpress 1.2
wordpress/wordpress 1.2.1
wordpress/wordpress 1.2.2
wordpress/wordpress 1.2.3
wordpress/wordpress 1.2.4
... and 39 more
Published Apr 10, 2014
Tracked Since Feb 18, 2026