WordPress < 3.0.3 XML-RPC Interface Access Restriction Bypass

medium Nessus Plugin ID 51341

Synopsis

The remote web server contains a PHP application with a security bypass vulnerability.

Description

According to its version number, the installation of WordPress is prior to 3.0.3. It is, therefore, affected by a security bypass vulnerability. Certain access control restrictions are not properly enforced, which could allow a remote, authenticated user to perform unauthorized actions such as editing, publishing, or deleting existing posts using specially crafted XML-RPC requests.

Note that a user must have 'Author Level' or 'Contributor Level' permissions to exploit this issue. Additionally, remote publishing (which is disabled by default) must be enabled.

Solution

Upgrade to WordPress 3.0.3 or later.

See Also

https://wordpress.org/news/2010/12/wordpress-3-0-3/

https://codex.wordpress.org/Version_3.0.3

Plugin Details

Severity: Medium

ID: 51341

File Name: wordpress_3_0_3.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 12/17/2010

Updated: 6/5/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2010-5106

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP, Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 12/8/2010

Vulnerability Publication Date: 12/8/2010

Reference Information

CVE: CVE-2010-5106

BID: 45299

Secunia: 42553