WordPress 'press-this.php' Remote Security Bypass Vulnerability

2011-05-04T00:00:00
ID SSV:20514
Type seebug
Reporter Root
Modified 2011-05-04T00:00:00

Description

Bugtraq ID: 47598

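WordPress is a popular blog system. When a post is published, the wp-admin/press-this.php script does not properly check user permissions, so a user can publish posts without the "publish_posts" permission. Successful exploitation of this vulnerability requires "Contributor-level" privileges.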

Affected versions:

WordPress 3.1.1
WordPress 3.0.5
WordPress 3.0.4
WordPress 3.0.3
WordPress 3.0.2
WordPress 2.9.2
WordPress 2.9.1
WordPress 2.8.6
WordPress 2.8.5
WordPress 2.8.4
WordPress 2.8.3
WordPress 2.8.2
WordPress 2.8.1
WordPress 2.6.5
WordPress 2.6.2
WordPress 2.6.1
WordPress 2.5.1
WordPress 2.3.3
WordPress 2.3.2
WordPress 2.3.1
WordPress 2.2.3
WordPress 2.2.2
WordPress 2.2.1
WordPress 2.1.3
WordPress 2.1.2
WordPress 2.1.1
WordPress 2.0.11
WordPress 2.0.10
WordPress 2.0.7
WordPress 2.0.6
WordPress 2.0.5
WordPress 2.0.4
WordPress 2.0.3
WordPress 2.0.2
WordPress 2.0.1
WordPress 2.0
WordPress 1.5.2
WordPress 1.5.1 .3
WordPress 1.5.1 .2
WordPress 1.5.1
WordPress 1.5
WordPress 1.3.1
WordPress 1.2.2
WordPress 1.2.1
  + Gentoo Linux
WordPress 1.2
  + Gentoo Linux 1.4
  + Gentoo Linux
WordPress 0.71
WordPress 0.7
WordPress 3.1
WordPress 3.0.1
WordPress 2.9
WordPress 2.8
WordPress 2.6
WordPress 2.5
WordPress 2.3
WordPress 2.2 Revision 5003
WordPress 2.2 Revision 5002
WordPress 2.2
WordPress 2.1.3-RC2
WordPress 2.1.3-RC1
WordPress 2.1
WordPress 2.0.10-RC2
WordPress 2.0.10-RC1

Vendor solution

WordPress 3.1.2 fixes this vulnerability; users are advised to download and use it: http://codex.wordpress.org/Version_3.1.2