Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-5106

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2010-5106
Last Modified 17 Sep 2012 12:00:00
Published 14 Sep 2012 03:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2010-5106

Summary

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.

Vulnerable Systems

Application

  • Wordpress 0.71

  • Wordpress 1.0

  • Wordpress 1.0.1

  • Wordpress 1.0.2

  • Wordpress 1.1.1

  • Wordpress 1.2

  • Wordpress 1.2.1

  • Wordpress 1.2.2

  • Wordpress 1.2.3

  • Wordpress 1.2.4

  • Wordpress 1.2.5

  • Wordpress 1.3

  • Wordpress 1.3.2

  • Wordpress 1.3.3

  • Wordpress 1.5

  • Wordpress 1.5.1

  • Wordpress 1.5.1.1

  • Wordpress 1.5.1.2

  • Wordpress 1.5.1.3

  • Wordpress 1.5.2

  • Wordpress 2.0

  • Wordpress 2.0.1

  • Wordpress 2.0.10

  • Wordpress 2.0.11

  • Wordpress 2.0.2

  • Wordpress 2.0.4

  • Wordpress 2.0.5

  • Wordpress 2.0.6

  • Wordpress 2.0.7

  • Wordpress 2.0.8

  • Wordpress 2.0.9

  • Wordpress 2.1

  • Wordpress 2.1.1

  • Wordpress 2.1.2

  • Wordpress 2.1.3

  • Wordpress 2.2

  • Wordpress 2.2.1

  • Wordpress 2.2.2

  • Wordpress 2.2.3

  • Wordpress 2.3

  • Wordpress 2.3.1

  • Wordpress 2.3.2

  • Wordpress 2.3.3

  • Wordpress 2.5

  • Wordpress 2.5.1

  • Wordpress 2.6

  • Wordpress 2.6.1

  • Wordpress 2.6.2

  • Wordpress 2.6.3

  • Wordpress 2.6.5

  • Wordpress 2.7

  • Wordpress 2.7.1

  • Wordpress 2.8

  • Wordpress 2.8.1

  • Wordpress 2.8.2

  • Wordpress 2.8.3

  • Wordpress 2.8.4

  • Wordpress 2.8.5

  • Wordpress 2.8.5.1

  • Wordpress 2.8.5.2

  • Wordpress 2.8.6

  • Wordpress 2.9

  • Wordpress 2.9.1

  • Wordpress 2.9.1.1

  • Wordpress 2.9.2

  • Wordpress 3.0

  • Wordpress 3.0.1

  • Wordpress 3.0.2


References

MLIST - [oss-security] 20120914 Re: CVE-request: WordPress insufficient permissions verification on XMLRPC interface

CONFIRM - http://core.trac.wordpress.org/changeset/16803

CONFIRM - http://codex.wordpress.org/Version_3.0.3


Last Updated: 27 May 2016 11:00:42