Main Vulnerability Database Vulnerabilities #VU42740

Permissions, Privileges, and Access Controls in WordPress - CVE-2013-2200

Published: July 8, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42740

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-2200

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: WordPress.ORG

Affected software:
WordPress

Detailed vulnerability description

The vulnerability allows a remote #AU# to manipulate data.

WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.

How to mitigate CVE-2013-2200

Install update from vendor's website.

Sources

http://codex.wordpress.org/Version_3.5.2
http://wordpress.org/news/2013/06/wordpress-3-5-2/
http://www.debian.org/security/2013/dsa-2718
https://bugzilla.redhat.com/show_bug.cgi?id=976784

Permissions, Privileges, and Access Controls in WordPress - CVE-2013-2200

Detailed vulnerability description

How to mitigate CVE-2013-2200

Sources

Please verify you're human