[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-5715Date: (C)2016-06-02   (M)2023-12-22


The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 4.3CVSS Score : 4.0
Exploit Score: 2.8Exploit Score: 8.0
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: NONEAvailability: NONE
Integrity: LOW 
Availability: NONE 
  
Reference:
SECTRACK-1033979
BID-76748
DSA-3375
DSA-3383
https://codex.wordpress.org/Version_4.3.1
https://github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337ab
https://security-tracker.debian.org/tracker/CVE-2015-5715
https://wordpress.org/news/2015/09/wordpress-4-3-1/
https://wpvulndb.com/vulnerabilities/8188

CPE    1
cpe:/a:wordpress:wordpress
CWE    1
CWE-264
OVAL    4
oval:org.secpod.oval:def:602263
oval:org.secpod.oval:def:602249
oval:org.secpod.oval:def:109537
oval:org.secpod.oval:def:109550
...

© SecPod Technologies