Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-5715

The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.

Related bugs and status

CVE-2015-5715 (Candidate) is related to these bugs:

Bug #1496825: Wordpress package security issue

		In	Importance	Status
1496825	Wordpress package security issue	wordpress (Ubuntu)	Undecided	Fix Released
1496825	Wordpress package security issue	wordpress (Ubuntu Trusty)	Undecided	Confirmed
1496825	Wordpress package security issue	wordpress (Ubuntu Precise)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://codex.wordpres...
CONFIRM: https://github.com/Wor...
CONFIRM: https://security-track...
CONFIRM: https://wordpress.org/...
BID: 76748
MISC: https://wpvulndb.com/v...
SECTRACK: 1033979
DEBIAN: DSA-3375
DEBIAN: DSA-3383