Unrated severityNVD Advisory· Published Apr 9, 2007· Updated Jun 16, 2026
CVE-2007-1893
CVE-2007-1893
Description
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
Affected products
2cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <=2.1.2
- (no CPE)range: <=2.1.2
Patches
Vulnerability mechanics
References
7- secunia.com/advisories/24751nvdPatchVendor Advisory
- secunia.com/advisories/25108nvdVendor Advisory
- www.vupen.com/english/advisories/2007/1245nvdVendor Advisory
- trac.wordpress.org/ticket/4091nvd
- www.debian.org/security/2007/dsa-1285nvd
- www.notsosecure.com/folder2/2007/04/03/wordpress-212-xmlrpc-security-issues/nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/33470nvd
News mentions
0No linked articles in our index yet.