EPSS
Percentile
64.3%
wordpress is vulnerable to authorization bypass. A user without the publish_posts access rights is able to mark or unmark posts as sticky via the REST API.
publish_posts
github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9
github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw
wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
wpvulndb.com/vulnerabilities/9973