Lucene search

Veracode Vulnerability DatabaseVERACODE:4860

HistoryAug 04, 2017 - 7:28 a.m.

Privilege Escalation

2017-08-0407:28:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

JSON

WordPress is vulnerable to privilege escalation attacks. The attacks are possible through changing the user_ID parameter in wp-admin/includes/post.php, allowing any authenticated users to create a post as if written by another user.

CPENameOperatorVersion
johnpbloch/wordpress-corele3.6.0

CPE	Name	Operator	Version
	johnpbloch/wordpress-core	le	3.6.0

References

codex.wordpress.org/Version_3.6.1

core.trac.wordpress.org/changeset/25321

lists.fedoraproject.org/pipermail/package-announce/2013-September/116828.html

lists.fedoraproject.org/pipermail/package-announce/2013-September/116832.html

lists.fedoraproject.org/pipermail/package-announce/2013-September/117118.html

wordpress.org/news/2013/09/wordpress-3-6-1/

www.debian.org/security/2013/dsa-2757

codex.wordpress.org/Version_3.6.1

core.trac.wordpress.org/changeset/25321

github.com/WordPress/WordPress/blob/3.6/wp-admin/includes/post.php#L55

www.debian.org/security/2013/dsa-2757

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

JSON

Related for VERACODE:4860