Security Advisory

CVE-2012-4421

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-09-14 19:00:00

Last updated 2024-09-17 03:59:31

Assigner redhat

State PUBLISHED

Description

The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.

← Browse all CVEs View on cve.org ↗