WordPress 3.7.1 & 3.8.1 – Privilege Escalation | CVE 2014-0165 | WordPress Vulnerabilities

Description

From the researcher (edik) who discovered the vulnerability:

Using the bulk edit feature you can publish posts and pages PUBLICLY without the publishing-cap. The problem is that there are no checks for publishing-cap's on serverside. It's only protected in UI.

How to reproduce:

1. Login as contributor
2. Create a draft post
3. Mark the draft in post list and open the bulk edit form
4. Make use of tools like Firebug to change a value in the status dropdown. You have to set the value of an entry to 'publish'
5. Select the changed status entry
6. Push the button and welcome to the next level

Affects WordPress

Fixed in WordPress 3.8.2

Fixed in WordPress 3.7.2

References

CVE

URL

https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165

Miscellaneous

Verified

No

WPVDB ID

40586ac9-eb74-4663-850f-b84b14e563de

Timeline

Publicly Published

2014-08-01 (about 9 years ago)

Added

2014-08-01 (about 9 years ago)

Last Updated

2020-10-25 (about 3 years ago)

Other

Published

Title

Published

2016-03-22

Title

Memphis Document Library Plugin <= 3.1.5 - Arbitrary File Download

Published

2015-04-20

Title

Crayon Syntax Highlighter 2.0 - 2.6.10 - Defacement

Published

2024-01-27

Title

BookingPress < 1.0.75 - Unauthenticated Booking Price Manipulation

Published

2020-02-22

Title

CardGate < 3.1.16 - Unauthorised Payments Hijacking and Order Status Spoofing

Published

2023-01-30

Title

PrivateContent < 8.4.4 - Brute Force Protection Bypass