thr3ads.net - Secure testing team - [Secure-testing-team] Bug#606657: wordpress: Privilege escalation in posting rights fixed in 3.0.3 [Dec 2010]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Dominic Hargreaves

2010-Dec-10 15:41 UTC

[Secure-testing-team] Bug#606657: wordpress: Privilege escalation in posting rights fixed in 3.0.3

Package: wordpress
Version: 3.0.2-1
Severity: grave
Tags: security
Justification: user security hole

Another week, another security fix in wordpress.
>From <http://codex.wordpress.org/Version_3.0.3>:
"Fixes issues in the XML-RPC remote publishing interface which under
certain circumstances allowed Author- and Contributor-level users to improperly
edit, publish or delete posts. (r16803)"

Fairly small set of changes which all appear to relate to this issue:

<http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.0.2&old=16857&new_path=%2Ftags%2F3.0.3&new=16857>

Cheers,
Dominic.

Secure testing team - Dec 2010 - Bug#606657: wordpress: Privilege escalation in posting rights fixed in 3.0.3

[Secure-testing-team] Bug#606657: wordpress: Privilege escalation in posting rights fixed in 3.0.3