Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2010-5106HistoryOct 03, 2022 - 4:21 p.m.
CVE-2010-5106
2022-10-0316:21:03
Debian Security Bug Tracker
security-tracker.debian.org
7
xml-rpc
wordpress
access restrictions
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.003
Percentile
71.1%
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | wordpress | < 3.0.3-1 | wordpress_3.0.3-1_all.deb |
| Debian | 11 | all | wordpress | < 3.0.3-1 | wordpress_3.0.3-1_all.deb |
| Debian | 999 | all | wordpress | < 3.0.3-1 | wordpress_3.0.3-1_all.deb |
| Debian | 13 | all | wordpress | < 3.0.3-1 | wordpress_3.0.3-1_all.deb |
Related
nessus
nessus
WordPress < 3.0.3 XML-RPC Interface Access Restriction Bypass
2010-12-17 00:00:00
patchstack
patchstack
WordPress <= 3.0.2 - BYPASS
2012-04-30 00:00:00
prion
prion
Design/Logic Flaw
2012-09-14 19:55:00
cvelist
cvelist
CVE-2010-5106
2022-10-03 16:21:03
ubuntucve
ubuntucve
CVE-2010-5106
2012-09-14 00:00:00
cve
cve
CVE-2010-5106
2022-10-03 16:21:03
openvas
openvas
WordPress < 3.0.3 Access Restriction Bypass Vulnerability
2022-12-08 00:00:00
nvd
nvd
CVE-2010-5106
2012-09-14 19:55:01
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.003
Percentile
71.1%
Related for DEBIANCVE:CVE-2010-5106