#VU43515 Permissions, Privileges, and Access Controls in WordPress - CVE-2012-4421
Vulnerability identifier: #VU43515
Vulnerability risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
WordPress
Web applications /
CMS
Vendor: WordPress.ORG
Description
The vulnerability allows a remote #AU# to manipulate data.
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.
Mitigation
Install update from vendor's website.
Vulnerable software versions
WordPress: 0.71, 1.0 - 1.0.2, 1.1.1, 1.2 - 1.2.5, 1.3, 1.3.2, 1.3.3, 1.5 - 1.5.2, 2.0 - 2.0.11, 2.1 - 2.1.3, 2.2 - 2.2.3, 2.3 - 2.3.3, 2.5 - 2.5.1, 2.6 - 2.6.5, 2.7 - 2.7.1, 2.8 - 2.8.6, 2.9 - 2.9.2, 3.0 - 3.0.6, 3.1 - 3.1.4, 3.2 - 3.2.1, 3.3 - 3.3.3, 3.4.0
External links
https://codex.wordpress.org/Version_3.4.2
https://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file2
https://openwall.com/lists/oss-security/2012/09/13/4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
