Vulnerabilities > Wordpress > Wordpress > 3.3.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-09-14 | CVE-2012-4421 | Permissions, Privileges, and Access Controls vulnerability in Wordpress The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature. | 4.0 |
2012-07-22 | CVE-2012-3385 | Permissions, Privileges, and Access Controls vulnerability in Wordpress WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors. | 5.0 |
2012-07-22 | CVE-2012-3384 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |