CVE-2011-1762 - OpenCVE

A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

OR	cpe:2.3:a:wordpress:wordpress::::::::
	cpe:2.3:a:wordpress:wordpress::::::::

No data.

References

Link	Providers
https://wordpress.org/support/wordpress-version/version-3-1-2/

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-04-18T16:20:38

Updated: 2024-08-06T22:37:25.769Z

Reserved: 2011-04-19T00:00:00

Link: CVE-2011-1762

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-18T17:15:11.877

Modified: 2022-04-25T19:13:49.980

Link: CVE-2011-1762

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "wordpress", "vendor": "n/a", "versions": [{"status": "affected", "version": "wordpress before 3.0.6 and 3.1.2"}]}], "descriptions": [{"lang": "en", "value": "A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-18T16:20:38", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/support/wordpress-version/version-3-1-2/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1762", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "wordpress", "version": {"version_data": [{"version_value": "wordpress before 3.0.6 and 3.1.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284"}]}]}, "references": {"reference_data": [{"name": "https://wordpress.org/support/wordpress-version/version-3-1-2/", "refsource": "MISC", "url": "https://wordpress.org/support/wordpress-version/version-3-1-2/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:37:25.769Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/support/wordpress-version/version-3-1-2/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1762", "datePublished": "2022-04-18T16:20:38", "dateReserved": "2011-04-19T00:00:00", "dateUpdated": "2024-08-06T22:37:25.769Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37160B4-FFD9-47DA-8516-98A7120F4549", "versionEndExcluding": "3.0.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "625F1A16-EEED-4322-809E-AF1C311B9CFE", "versionEndExcluding": "3.1.2", "versionStartIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission."}, {"lang": "es", "value": "Se presenta un fallo en Wordpress relacionado con el script \"wp-admin/press-this.php\" que comprueba incorrectamente los permisos de usuario cuando son publicados posts. Esto puede permitir que un usuario con privilegios de tipo \"Contributor-level\" publique como si tuviera permiso \"publish_posts\""}], "id": "CVE-2011-1762", "lastModified": "2022-04-25T19:13:49.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-18T17:15:11.877", "references": [{"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wordpress.org/support/wordpress-version/version-3-1-2/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "secalert@redhat.com", "type": "Secondary"}]}