From 543aa39ae28f2c1c110591e7d6b78637ba46d702 Mon Sep 17 00:00:00 2001 From: Ryan Dewhurst Date: Thu, 2 Apr 2020 21:13:51 +0200 Subject: [PATCH] Destroyed CVE 2014 0165 (markdown) --- CVE-2014-0165.md | 21 --------------------- 1 file changed, 21 deletions(-) delete mode 100644 CVE-2014-0165.md diff --git a/CVE-2014-0165.md b/CVE-2014-0165.md deleted file mode 100644 index 8a2761e..0000000 --- a/CVE-2014-0165.md +++ /dev/null @@ -1,21 +0,0 @@ -From WordPress: - -"Privilege escalation: prevent contributors from publishing posts." - -From the researcher (edik) who found the vulnerability: - -Using the bulk edit feature you can publish posts and pages PUBLICLY without the publishing-cap. The problem is that there are no checks for publishing-cap's on serverside. It's only protected in UI. - -How to reproduce: - -1. Login as contributor - -2. Create a draft post - -3. Mark the draft in post list and open the bulk edit form - -4. Make use of tools like Firebug to change a value in the status dropdown. You have to set the value of an entry to 'publish' - -5. Select the changed status entry - -6. Push the button and welcome to the next level
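Review bot: The commit message ("Destroyed CVE 2014 0165 (markdown)") gives no reason for the removal, and the single hunk (@@ -1,21 +0,0 @@) deletes the whole of CVE-2014-0165.md, including the researcher's root-cause statement that the publish capability is checked only in the UI and not server-side in the bulk edit path. Suggest adding a line to the commit body saying why the page is dropped and, if the content now lives elsewhere, where. If the page is simply being retired, consider keeping a short stub with the WordPress summary ("Privilege escalation: prevent contributors from publishing posts.") and the root-cause sentence, so any existing links to the page still land on the defensive takeaway: enforce the capability check on the server for every path that can change post status.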