Lucene search
HistoryJan 21, 2014 - 1:55 a.m.
CVE-2011-5270
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
6.1 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
40.8%
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
Affected configurations
Node
wordpresswordpressRange≤3.0.5
ORwordpresswordpressMatch3.0
ORwordpresswordpressMatch3.0.1
ORwordpresswordpressMatch3.0.2
ORwordpresswordpressMatch3.0.3
ORwordpresswordpressMatch3.0.4
Related
ubuntucve
ubuntucve
CVE-2011-5270
2014-01-21 00:00:00
patchstack
patchstack
WordPress <= 3.0.5
2014-01-20 00:00:00
prion
prion
Authentication flaw
2014-01-21 01:55:00
cve
cve
CVE-2011-5270
2022-10-03 16:15:12
wpvulndb
wpvulndb
WordPress <= 3.0.5 wp-admin/press-this.php Privilege Escalation
2014-08-01 10:58:23
debiancve
debiancve
CVE-2011-5270
2022-10-03 16:15:12
cvelist
cvelist
CVE-2011-5270
2022-10-03 16:15:12
nessus
nessus
WordPress 'press-this.php' Security Bypass
2014-03-12 00:00:00
WordPress 3.1.x < 3.1.2 / 3.0.x < 3.0.6 Multiple Vulnerabilities
2016-02-26 00:00:00
openvas
openvas
WordPress < 3.0.6 Access Restriction Bypass Vulnerability
2022-12-08 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
6.1 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
40.8%
Related for NVD:CVE-2011-5270