Updated CVE 2014 0165 (markdown)

Ryan Dewhurst
2014-04-09 13:56:50 -07:00
parent 0f507b5528
commit b578287c9e

@@ -1,3 +1,7 @@
From WordPress:
"Privilege escalation: prevent contributors from publishing posts."
From the researcher (edik) who found the vulnerability: From the researcher (edik) who found the vulnerability:
Using the bulk edit feature you can publish posts and pages PUBLICLY without the publishing-cap. The problem is that there are no checks for publishing-cap's on serverside. It's only protected in UI. Using the bulk edit feature you can publish posts and pages PUBLICLY without the publishing-cap. The problem is that there are no checks for publishing-cap's on serverside. It's only protected in UI.
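Review bot: The researcher's statement following "From the researcher (edik) who found the vulnerability:" is not delimited as a quotation, while the WordPress line above it is wrapped in double quotes, so a reader cannot tell where edik's words end and the wiki's own text begins. Put both quotes in markdown blockquotes and link each to its source. The page also gives no affected or fixed WordPress versions, which is the first thing someone triaging this CVE will look for. Consider adding a short line outside the quote that maps "publishing-cap" to the actual capability names (publish_posts, publish_pages), leaving edik's wording untouched.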