CVE-2012-4421

Priority
Description
The create_post function in wp-includes/class-wp-atom-server.php in
WordPress before 3.4.2 does not perform a capability check, which allows
remote authenticated users to bypass intended access restrictions and
publish new posts by leveraging the Contributor role and using the Atom
Publishing Protocol (aka AtomPub) feature.
Notes
Package
Upstream: released (3.4.2+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [3.4.2+dfsg-1])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (3.4.2+dfsg-1)
More Information

Updated: 2020-09-10 02:14:43 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)