{"id":"CVE-2007-1893","details":"xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to \"publish a previously saved post.\"","modified":"2026-01-27T04:08:56.098535Z","published":"2007-04-09T20:19:00Z","withdrawn":"2026-01-27T04:08:56.098535Z","references":[{"type":"FIX","url":"http://secunia.com/advisories/24751"},{"type":"ADVISORY","url":"http://secunia.com/advisories/25108"},{"type":"ADVISORY","url":"http://www.debian.org/security/2007/dsa-1285"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2007/1245"},{"type":"WEB","url":"http://trac.wordpress.org/ticket/4091"},{"type":"WEB","url":"http://www.notsosecure.com/folder2/2007/04/03/wordpress-212-xmlrpc-security-issues/"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33470"}],"schema_version":"1.7.3"}