Updated CVE 2014 0165 (markdown)

2014-04-09 13:56:50 -07:00
parent 0f507b5528
commit b578287c9e
1 changed files with 4 additions and 0 deletions
--- a/CVE-2014-0165.md
+++ b/CVE-2014-0165.md
@@ -1,3 +1,7 @@
+From WordPress:
+
+"Privilege escalation: prevent contributors from publishing posts."
+
 From the researcher (edik) who found the vulnerability:

 Using the bulk edit feature you can publish posts and pages PUBLICLY without the publishing-cap. The problem is that there are no checks for publishing-cap's on serverside. It's only protected in UI.