Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

WordPress < 3.0.3 XML-RPC Interface Access Restriction Bypass



The remote server is hosting an outdated installation of WordPress that is vulnerable to a security bypass attack.


Versions of WordPress prior to 3.0.3 are susceptible to a security bypass vulnerability. Certain access control restrictions are not properly enforced, which could allow a remote, authenticated user to perform unauthorized actions such as editing, publishing, or deleting existing posts using specially crafted XML-RPC requests. Note that a user must have 'Author Level' or 'Contributor Level' permissions to exploit this issue. Additionally, remote publishing (which is disabled by default) must be enabled.


Upgrade to WordPress 3.0.3, or later.