CVE-2007-1893
- Source
- https://cve.org/CVERecord?id=CVE-2007-1893
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-1893.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2007-1893
- Downstream
- Withdrawn
- 2026-01-27T04:08:56.098535Z
- Published
- 2007-04-09T20:19:00Z
- Modified
- 2026-01-27T04:08:56.098535Z
- Summary
- [none]
- Details
-
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
- References
-
- http://secunia.com/advisories/24751
- http://secunia.com/advisories/25108
- http://www.debian.org/security/2007/dsa-1285
- http://www.vupen.com/english/advisories/2007/1245
- http://trac.wordpress.org/ticket/4091
- http://www.notsosecure.com/folder2/2007/04/03/wordpress-212-xmlrpc-security-issues/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33470