Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2015-5715

The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.

  • Published: May 22, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2015-5715
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

Software From Fixed in
WordPress / wordpress - 4.3.0.x