Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2012-4421
Last Modified 17 Sep 2012 12:00:00
Published 14 Sep 2012 03:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-4421

Summary

The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.

Vulnerable Systems

Application

  • Wordpress 0.71

  • Wordpress 1.0

  • Wordpress 1.0.1

  • Wordpress 1.0.2

  • Wordpress 1.1.1

  • Wordpress 1.2

  • Wordpress 1.2.1

  • Wordpress 1.2.2

  • Wordpress 1.2.3

  • Wordpress 1.2.4

  • Wordpress 1.2.5

  • Wordpress 1.3

  • Wordpress 1.3.2

  • Wordpress 1.3.3

  • Wordpress 1.5

  • Wordpress 1.5.1

  • Wordpress 1.5.1.1

  • Wordpress 1.5.1.2

  • Wordpress 1.5.1.3

  • Wordpress 1.5.2

  • Wordpress 2.0

  • Wordpress 2.0.1

  • Wordpress 2.0.10

  • Wordpress 2.0.11

  • Wordpress 2.0.2

  • Wordpress 2.0.4

  • Wordpress 2.0.5

  • Wordpress 2.0.6

  • Wordpress 2.0.7

  • Wordpress 2.0.8

  • Wordpress 2.0.9

  • Wordpress 2.1

  • Wordpress 2.1.1

  • Wordpress 2.1.2

  • Wordpress 2.1.3

  • Wordpress 2.2

  • Wordpress 2.2.1

  • Wordpress 2.2.2

  • Wordpress 2.2.3

  • Wordpress 2.3

  • Wordpress 2.3.1

  • Wordpress 2.3.2

  • Wordpress 2.3.3

  • Wordpress 2.5

  • Wordpress 2.5.1

  • Wordpress 2.6

  • Wordpress 2.6.1

  • Wordpress 2.6.2

  • Wordpress 2.6.3

  • Wordpress 2.6.5

  • Wordpress 2.7

  • Wordpress 2.7.1

  • Wordpress 2.8

  • Wordpress 2.8.1

  • Wordpress 2.8.2

  • Wordpress 2.8.3

  • Wordpress 2.8.4

  • Wordpress 2.8.5

  • Wordpress 2.8.5.1

  • Wordpress 2.8.5.2

  • Wordpress 2.8.6

  • Wordpress 2.9

  • Wordpress 2.9.1

  • Wordpress 2.9.1.1

  • Wordpress 2.9.2

  • Wordpress 3.0

  • Wordpress 3.0.1

  • Wordpress 3.0.2

  • Wordpress 3.0.3

  • Wordpress 3.0.4

  • Wordpress 3.0.5

  • Wordpress 3.0.6

  • Wordpress 3.1

  • Wordpress 3.1.1

  • Wordpress 3.1.2

  • Wordpress 3.1.3

  • Wordpress 3.1.4

  • Wordpress 3.2

  • Wordpress 3.2.1

  • Wordpress 3.3

  • Wordpress 3.3.1

  • Wordpress 3.3.2

  • Wordpress 3.3.3

  • Wordpress 3.4.0

  • Wordpress 3.4.1


References

MLIST - [oss-security] 20120913 Re: CVEs for wordpress 3.4.2 release

CONFIRM - http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file2

CONFIRM - http://codex.wordpress.org/Version_3.4.2


Last Updated: 27 May 2016 11:00:42