CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 47.7%

WordPress before 4.2.3 does not properly verify the edit_posts capability,
which allows remote authenticated users to bypass intended access
restrictions and create drafts by leveraging the Subscriber role, as
demonstrated by a post-quickdraft-save action to wp-admin/post.php.