Unrated severityNVD Advisory· Published Sep 12, 2013· Updated Jun 16, 2026
CVE-2013-4340
CVE-2013-4340
Description
wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <=3.6
- (no CPE)range: < 3.6.1
Patches
Vulnerability mechanics
References
7- wordpress.org/news/2013/09/wordpress-3-6-1/nvdPatchVendor Advisory
- core.trac.wordpress.org/changeset/25321nvdExploitPatch
- codex.wordpress.org/Version_3.6.1nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2013-September/116828.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-September/116832.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-September/117118.htmlnvd
- www.debian.org/security/2013/dsa-2757nvd
News mentions
0No linked articles in our index yet.