Incorrect Default Permissions
CVE-2011-1762
Summary
A flaw exists in Wordpress related to the 'wp-admin/press-this.php' script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. This issue affects versions prior to 3.1.2
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- LOW
- NONE
- NONE
CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
References
Advisory Timeline
- Published
