CVE-2011-5270

wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.

Published: Jan 21, 2014
Updated: Apr 13, 2023
CVE: CVE-2011-5270
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
WordPress / wordpress	-	3.0.5.x
WordPress / wordpress	3.0.2	3.0.2.x
WordPress / wordpress	3.0	3.0.x
WordPress / wordpress	3.0.1	3.0.1.x
WordPress / wordpress	3.0.4	3.0.4.x
WordPress / wordpress	3.0.3	3.0.3.x

http://codex.wordpress.org/Version_3.0.6
https://core.trac.wordpress.org/changeset/17710

Vulnerability Database

289,697

CVE-2011-5270