CVE-2007-1893

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2007-1893

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-1893.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2007-1893

Downstream

DEBIAN-CVE-2007-1893

DSA-1285-1

Published

2007-04-09T20:19:00Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

References

http://secunia.com/advisories/24751
http://secunia.com/advisories/25108
http://www.debian.org/security/2007/dsa-1285
http://www.vupen.com/english/advisories/2007/1245
http://trac.wordpress.org/ticket/4091
http://www.notsosecure.com/folder2/2007/04/03/wordpress-212-xmlrpc-security-issues/
https://exchange.xforce.ibmcloud.com/vulnerabilities/33470

CVE-2007-1893

Affected packages