
WordPress < 3.0.3 XML-RPC Interface Access Restriction Bypass

Severity: Medium

Synopsis

The remote web server hosts an outdated WordPress installation whose XML-RPC interface is affected by an access control bypass.

Description

Versions of WordPress prior to 3.0.3 are affected by an access control bypass in the XML-RPC remote publishing interface. Capability checks on the XML-RPC methods that modify posts are not properly enforced, which allows a remote, authenticated user with only 'Contributor' or 'Author' level privileges to edit, publish, or delete existing posts that they would otherwise not be permitted to modify, by sending specially crafted XML-RPC requests. Note that exploitation requires valid credentials for such an account, and that XML-RPC remote publishing, which is disabled by default in this branch, must have been enabled by an administrator (Settings > Writing > Remote Publishing).
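The following Python helpers show the two decisions a scanner makes for this issue: whether the reported WordPress version falls below the fixed release, and how to read the XML-RPC response to a post-edit call so that "remote publishing disabled", "access check enforced", and "access check bypassed" are told apart. This is an added illustration, not the plugin's own check or WordPress code. It assumes, based on WordPress 3.0.x behaviour rather than anything stated on this page, that a disabled XML-RPC interface answers with fault code 405 and that an enforced edit-permission check answers with fault code 401; `metaWeblog.editPost` is used as the probe method. The sample responses are constructed inline so the code runs offline.

```python
"""Offline helpers for the WordPress < 3.0.3 XML-RPC access restriction bypass.

Added example, not Tenable or WordPress code. Assumptions (not from the page):
fault 405 = XML-RPC remote publishing disabled, fault 401 = permission check
enforced, and metaWeblog.editPost is the method used to probe the check.
"""
import re
import xmlrpc.client

FIXED_VERSION = (3, 0, 3)


def parse_version(ver: str) -> tuple:
    """Turn '3.0.3', '3.0' or '2.9.2-RC1' into a 3-tuple of ints (missing parts -> 0)."""
    m = re.match(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", ver)
    if not m:
        raise ValueError(f"unrecognised WordPress version: {ver!r}")
    return tuple(int(p) if p is not None else 0 for p in m.groups())


def version_is_vulnerable(ver: str) -> bool:
    """True for every release before 3.0.3, including bare '3.0' and the 2.x line."""
    return parse_version(ver) < FIXED_VERSION


def build_edit_post_request(post_id, username, password, title, content,
                            publish=False) -> str:
    """XML-RPC request body for metaWeblog.editPost(postid, user, pass, struct, publish).

    On an affected install a Contributor/Author account could use this to
    change or publish a post it does not have rights to; on 3.0.3+ the
    capability check rejects it.
    """
    struct = {"title": title, "description": content}
    return xmlrpc.client.dumps((str(post_id), username, password, struct, publish),
                               methodname="metaWeblog.editPost")


def classify_response(body: str) -> str:
    """Map a raw XML-RPC response to a verdict.

    'xmlrpc_disabled' - remote publishing is off, the issue is not reachable
    'enforced'        - the server refused the edit (fixed behaviour)
    'bypassed'        - the edit succeeded (vulnerable behaviour)
    """
    try:
        params, _ = xmlrpc.client.loads(body)  # raises Fault for <fault> responses
    except xmlrpc.client.Fault as fault:
        if fault.faultCode == 405:          # assumed: "XML-RPC services are disabled"
            return "xmlrpc_disabled"
        if fault.faultCode in (401, 403):   # assumed: "you do not have the right to edit"
            return "enforced"
        return f"other_fault:{fault.faultCode}"
    return "bypassed" if params and params[0] is True else "unexpected"


# Constructed sample responses (not captured from a real server).
SAMPLE_DISABLED = xmlrpc.client.dumps(
    xmlrpc.client.Fault(405, "XML-RPC services are disabled on this blog."),
    methodresponse=True)
SAMPLE_ENFORCED = xmlrpc.client.dumps(
    xmlrpc.client.Fault(401, "Sorry, you do not have the right to edit this post."),
    methodresponse=True)
SAMPLE_BYPASSED = xmlrpc.client.dumps((True,), methodresponse=True)


def assess(version: str, response_body: str) -> str:
    """Combine the version test with the behavioural verdict into one line."""
    verdict = classify_response(response_body)
    if verdict == "xmlrpc_disabled":
        return f"WordPress {version}: remote publishing disabled, bypass not reachable"
    if verdict == "bypassed":
        return f"WordPress {version}: VULNERABLE, edit accepted without proper capability check"
    if version_is_vulnerable(version):
        return f"WordPress {version}: version predates 3.0.3, upgrade recommended ({verdict})"
    return f"WordPress {version}: not affected ({verdict})"


if __name__ == "__main__":
    print(build_edit_post_request(12, "contributor", "hunter2", "t", "c"))
    print(assess("3.0.2", SAMPLE_BYPASSED))
    print(assess("3.0.3", SAMPLE_ENFORCED))
    print(assess("3.0.1", SAMPLE_DISABLED))
```

Only the version check is non-intrusive; the behavioural probe actually changes a post if the check is missing, so run it only against a site you own or are authorised to test, and point it at a throwaway post.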

Solution

Upgrade to WordPress 3.0.3 or later. Until the upgrade is applied, disable XML-RPC remote publishing (Settings > Writing > Remote Publishing) if it is not required, since the issue is only reachable when that interface is enabled.