21 matches found
CVE-2025-12156
The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savepostdata function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, with...
EUVD-2007-1887
Malware in sbrugna...
EUVD-2011-5169
Malware in sbrugna...
EUVD-2011-1761
Malware in sbrugna...
CVE-2011-1762
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publishposts' permission...
CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publishposts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role...
PT-2024-18361 · WordPress · Autowriter
Name of the Vulnerable Software and Affected Versions: AutoWriter plugin for WordPress versions up to, and including, 3.3 Description: The issue allows authenticated attackers with subscriber access or higher to access, modify, or delete posts due to a missing capability check on functions hooked...
CVE-2011-1762
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publishposts' permission...
DEBIAN-CVE-2011-1762
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publishposts' permission...
CVE-2019-20203
The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message...
Jetpack Plugin for WordPress Security Bypass
The WordPress Jetpack plugin installed on the remote host is affected by a security bypass vulnerability due to a flaw in the 'class.jetpack.php' script. This can allow a remote, unauthenticated attacker to submit crafted XML-RPC requests that bypass access controls, allowing the attacker to...
CVE-2014-0165
WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...
DEBIAN-CVE-2014-0165
WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...
CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publishposts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role...
DEBIAN-CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publishposts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role...
DEBIAN-CVE-2010-5106
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...
DEBIAN-CVE-2012-4421
The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...
CVE-2008-5846
Six Apart Movable Type MT before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."...
CVE-2008-5846
Six Apart Movable Type MT before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."...
CVE-2007-1893
xmlrpc xmlrpc.php in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publishposts functionality, which can be used to "publish a previously saved post."...