Medium severity4.3NVD Advisory· Published May 22, 2016· Updated Jun 17, 2026
CVE-2015-5715
CVE-2015-5715
Description
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 2 more
- (no CPE)
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <=4.3.0
- (no CPE)range: <4.3.1
Patches
Vulnerability mechanics
References
9- codex.wordpress.org/Version_4.3.1nvdPatchVendor Advisory
- github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337abnvdPatch
- wordpress.org/news/2015/09/wordpress-4-3-1/nvdPatchVendor Advisory
- www.debian.org/security/2015/dsa-3375nvd
- www.debian.org/security/2015/dsa-3383nvd
- www.securityfocus.com/bid/76748nvd
- www.securitytracker.com/id/1033979nvd
- security-tracker.debian.org/tracker/CVE-2015-5715nvd
- wpvulndb.com/vulnerabilities/8188nvd
News mentions
0No linked articles in our index yet.