ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 3.4.1 - BYPASS

Product
WordPress
Description
Because of this vulnerability, remote authenticated users can bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol feature.
Solution
Update the plugin.
Classification
Type BYPASS
References
CVE Mitre
CVE
Name CVE-2012-4421
Versions
Affected In <= 3.4.1
Fixed In 3.4.2
Disclosure date
2012-08-21
Credits
Kurt Seifried