{"id":"CVE-2015-5715","details":"The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.","modified":"2026-04-16T01:46:50.132303925Z","published":"2016-05-22T01:59:02Z","withdrawn":"2026-01-27T04:15:06.969327Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3375"},{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3383"},{"type":"FIX","url":"https://codex.wordpress.org/Version_4.3.1"},{"type":"FIX","url":"https://wordpress.org/news/2015/09/wordpress-4-3-1/"},{"type":"FIX","url":"https://github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337ab"},{"type":"WEB","url":"http://www.securityfocus.com/bid/76748"},{"type":"WEB","url":"http://www.securitytracker.com/id/1033979"},{"type":"WEB","url":"https://security-tracker.debian.org/tracker/CVE-2015-5715"},{"type":"WEB","url":"https://wpvulndb.com/vulnerabilities/8188"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}