CVE-2010-5106
EPSS 0.30%
Description
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.
How to fix CVE-2010-5106
To remediate CVE-2010-5106, upgrade the affected package to the fixed version listed below.
- Debian/wordpress: upgrade to 3.0.3-1 or later
Is CVE-2010-5106 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.0.3-1