WordPress < 3.0.3 XML-RPC Interface Access Restriction Bypass
Medium Nessus Network Monitor Plugin ID 9112
Synopsis
The remote server is hosting an outdated installation of WordPress that is vulnerable to a security bypass attack.

Description
Versions of WordPress prior to 3.0.3 are susceptible to a security bypass vulnerability. Certain access control restrictions are not properly enforced, which could allow a remote, authenticated user to perform unauthorized actions such as editing, publishing, or deleting existing posts using specially crafted XML-RPC requests. Note that a user must have 'Author Level' or 'Contributor Level' permissions to exploit this issue. Additionally, remote publishing (which is disabled by default) must be enabled.

Solution
Upgrade to WordPress 3.0.3, or later.