wp-admin/press-this.php in WordPress prior to 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress 3.0.3 |
||
wordpress wordpress 3.0.4 |
||
wordpress wordpress |
||
wordpress wordpress 3.0.1 |
||
wordpress wordpress 3.0 |
||
wordpress wordpress 3.0.2 |