10 matches found
CVE-2011-1762
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publishposts' permission...
Design/Logic Flaw
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publishposts' permission...
CVE-2011-1762
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publishposts' permission...
CVE-2020-8498
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users e.g., ones who have t...
CVE-2020-8498
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users e.g., ones who have t...
WordPress 'press-this.php' Security Bypass
According to its version number, the WordPress install hosted on the remote web server is affected by a security bypass vulnerability. A flaw in the 'wp-admin/press-this.php' script improperly checks user permissions when publishing posts. This allows a user with 'Contributor-level' privileges to...
CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publishposts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role...
CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publishposts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role...
CVE-2007-1893
xmlrpc xmlrpc.php in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publishposts functionality, which can be used to "publish a previously saved post."...
CVE-2007-1893
xmlrpc xmlrpc.php in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publishposts functionality, which can be used to "publish a previously saved post."...