From 0f507b552811cc1eba3716a853372b26fcbc1f57 Mon Sep 17 00:00:00 2001
From: Ryan Dewhurst <ryandewhurst@gmail.com>
Date: Wed, 9 Apr 2014 13:54:18 -0700
Subject: [PATCH] Updated CVE 2014 0165 (markdown)

---
 CVE-2014-0165.md | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/CVE-2014-0165.md b/CVE-2014-0165.md
index 81427ea..a2da78f 100644
--- a/CVE-2014-0165.md
+++ b/CVE-2014-0165.md
@@ -1,9 +1,17 @@
+From the researcher (edik) who found the vulnerability:
+
 Using the bulk edit feature you can publish posts and pages PUBLICLY without the publishing-cap. The problem is that there are no checks for publishing-cap's on serverside. It's only protected in UI.
 
 How to reproduce:
+
 1. Login as contributor
+
 2. Create a draft post
+
 3. Mark the draft in post list and open the bulk edit form
-4. Make use of tools like Firebug to change a value in the status dropdown. You have to set the value of an entry to 'publish' 
-5. Select the changed status entry 
-6. Push the button and welcome to the next level
\ No newline at end of file
+
+4. Make use of tools like Firebug to change a value in the status dropdown. You have to set the value of an entry to 'publish'
+
+5. Select the changed status entry
+
+6. Push the button and welcome to the next level