CVE-2012-4421

2012-09-14T15:55:01
ID CVE-2012-4421
Type cve
Reporter NVD
Modified 2012-09-17T00:00:00

Description

The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.