CVE

Id
25250  
CVE No.
CVE-2007-1893  
Status
Candidate  
Description
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."  
Phase
Assigned (20070409)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
251809 25250 CVE-2007-1893 MISC:http://www.notsosecure.com/folder2/2007/04/03/wordpress-212-xmlrpc-security-issues/  View
251810 25250 CVE-2007-1893 CONFIRM:http://trac.wordpress.org/ticket/4091  View
251811 25250 CVE-2007-1893 DEBIAN:DSA-1285  View
251812 25250 CVE-2007-1893 URL:http://www.debian.org/security/2007/dsa-1285  View
251813 25250 CVE-2007-1893 VUPEN:ADV-2007-1245  View
251814 25250 CVE-2007-1893 URL:http://www.vupen.com/english/advisories/2007/1245  View
251815 25250 CVE-2007-1893 SECUNIA:24751  View
251816 25250 CVE-2007-1893 URL:http://secunia.com/advisories/24751  View
251817 25250 CVE-2007-1893 SECUNIA:25108  View
251818 25250 CVE-2007-1893 URL:http://secunia.com/advisories/25108  View
251819 25250 CVE-2007-1893 XF:wordpress-xmlrpc-security-bypass(33470)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
56664 JVNDB-2007-005356 Sky GUNNING MySpeach の chat.php における PHP リモートファイルインクルージョンの脆弱性 Sky GUNNING MySpeach の chat.php には、PHP 5 で使用されている際、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2007-1895 25250 6.8 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005356.html  View