WordPress 'xmlrpc.php' Remote Security Bypass Vulnerability

WordPress is prone to a security-bypass vulnerability because the application fails to properly perform user-profile checks.

Remote attackers with 'Author' and 'Contributor' privileges can exploit this issue to improperly edit, publish, or delete posts under certain circumstances.

Note that successful exploitation requires the remote publishing feature to be enabled in the application.

WordPress versions prior to 3.0.3 are vulnerable; other versions may be affected.


 

Copyright 2010, SecurityFocus