Lucene search

K

Veracode Vulnerability DatabaseVERACODE:22235

HistoryDec 30, 2019 - 1:55 a.m.

Authorization Bypass

2019-12-3001:55:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

15

EPSS

0.003

Percentile

68.4%

wordpress is vulnerable to authorization bypass. The vulnerability exists through a missing access control check in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php, allowing an unauthenticated user to post a sticky post through the REST API.

References

core.trac.wordpress.org/changeset/46893/trunk

github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9

github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw

github.com/WordPress/WordPress/commit/da95cca74cd3bfec0260ee93b179519a3e740742

seclists.org/bugtraq/2020/Jan/8

wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/

wpvulndb.com/vulnerabilities/9973

www.debian.org/security/2020/dsa-4599

www.debian.org/security/2020/dsa-4677

EPSS

0.003

Percentile

68.4%

Related for VERACODE:22235

debiancve1 cve2 prion1 nvd2 cvelist1 ubuntucve1 osv2 wpvulndb1 openvas3 debian4 nessus2