24 matches found
CVE-2011-1762
A flaw exists in WordPress related to the 'wp-admin/press-this.php' script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission...
DEBIAN-CVE-2011-1762
A flaw exists in WordPress related to the 'wp-admin/press-this.php' script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission...
Design/Logic Flaw
A flaw exists in WordPress related to the 'wp-admin/press-this.php' script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission...
CVE-2011-1762
A flaw exists in WordPress related to the 'wp-admin/press-this.php' script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission...
CVE-2011-1762
A flaw exists in WordPress related to the 'wp-admin/press-this.php' script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission...
CVE-2011-1762
A flaw exists in WordPress related to the 'wp-admin/press-this.php' script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission...
CVE-2011-1762
A flaw exists in WordPress related to the ‘wp-admin/press-this.php’ script improperly checking user permissions when publishing posts. This may allow a user with ‘Contributor-level’ privileges to post as if they had ‘publish_posts’ permission. Recent assessments: Assessed Attacker Value: 0 Assesse...
Server-Side Request Forgery (SSRF)
WordPress is vulnerable to server-side request forgery (SSRF) attacks. The issue arises because validation of the GET request can be bypassed by using a URL of the form http://xxx.xxx.xxx.xxx/wp-admin/press-this.php?u=URLTOSCRAPE&url-scan-submit=Scan which has a zero value in the first octet of an IPv4 address in...
CVE-2016-2222
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php...
UBUNTU-CVE-2016-2222
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php...
WordPress <= 2.5.1 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30238/info WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the brows...
WordPress 'press-this.php' Security Bypass
According to its version number, the WordPress install hosted on the remote web server is affected by a security bypass vulnerability. A flaw in the 'wp-admin/press-this.php' script improperly checks user permissions when publishing posts. This allows a user with 'Contributor-level' privileges to...
CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role...
CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role...
CVE-2011-5270
Affected product: WordPress (before 3.0.6). The vulnerability in wp-admin/press-this.php does not properly enforce the publish_posts capability, enabling a user with Contributor-level privileges to publish posts as if they had publish_posts. Root cause: permission check flaw in the press-this.php...
CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role...
CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role...
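WordPress 'press-this.php' Remote Security Bypass Vulnerability
Bugtraq ID: 47598 WordPress is a popular blog system. When publishing posts, the wp-admin/press-this.php script does not correctly check user permissions, so a user can publish articles without the "publish_posts" permission. Successful exploitation of this vulnerability requires "Contributor-level" privileges. WordPress WordPress 3.1.1 WordPress WordPress 3.0.5 WordPress WordPress 3.0.4 WordPress WordPress 3.0.3 WordPress WordPress 3.0.2 WordPress WordPress 2.9.2...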
CVE-2009-3891
Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable)...
CVE-2009-3891
Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable)...