Main Vulnerability Database Vulnerabilities #VU42740

#VU42740 Permissions, Privileges, and Access Controls in WordPress - CVE-2013-2200

Published: July 8, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42740

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-2200

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
WordPress

Software vendor:
WordPress.ORG

Description

The vulnerability allows a remote #AU# to manipulate data.

WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.

Remediation

Install update from vendor's website.

External links

http://codex.wordpress.org/Version_3.5.2
http://wordpress.org/news/2013/06/wordpress-3-5-2/
http://www.debian.org/security/2013/dsa-2718
https://bugzilla.redhat.com/show_bug.cgi?id=976784

#VU42740 Permissions, Privileges, and Access Controls in WordPress - CVE-2013-2200

Description

Remediation

External links

Please verify you're human