CVE-2010-5106

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2010-5106

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-5106.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2010-5106

Downstream

DEBIAN-CVE-2010-5106

Published

2012-09-14T19:55:01Z

Modified

2026-04-10T03:41:34.071442Z

Summary

[none]

Details

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.

References

http://core.trac.wordpress.org/changeset/16803
http://core.trac.wordpress.org/changeset/16803
http://codex.wordpress.org/Version_3.0.3
http://openwall.com/lists/oss-security/2012/09/14/10

CVE-2010-5106

Affected packages