[Secure-testing-team] Bug#606657: wordpress: Privilege escalation in posting rights fixed in 3.0.3

Dominic Hargreaves dom at earth.li
Fri Dec 10 15:41:07 UTC 2010


Package: wordpress
Version: 3.0.2-1
Severity: grave
Tags: security
Justification: user security hole

Another week, another security fix in wordpress.

From <http://codex.wordpress.org/Version_3.0.3>:

"Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts. (r16803)"

Fairly small set of changes which all appear to relate to this issue:

<http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.0.2&old=16857&new_path=%2Ftags%2F3.0.3&new=16857>

Cheers,
Dominic.




