Dominic Hargreaves
2010-Dec-10 15:41 UTC
[Secure-testing-team] Bug#606657: wordpress: Privilege escalation in posting rights fixed in 3.0.3
Package: wordpress Version: 3.0.2-1 Severity: grave Tags: security Justification: user security hole Another week, another security fix in wordpress.>From <http://codex.wordpress.org/Version_3.0.3>:"Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts. (r16803)" Fairly small set of changes which all appear to relate to this issue: <http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.0.2&old=16857&new_path=%2Ftags%2F3.0.3&new=16857> Cheers, Dominic.