Vulnerability Details : CVE-2015-5715
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.
Threat overview for CVE-2015-5715
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2015-5715: 5
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2015-5715
Probability of exploitation activity in the next 30 days: 0.17%
Percentile, the proportion of vulnerabilities that are scored at or less: ~54%
CVSS scores for CVE-2015-5715
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST |
CWE ids for CVE-2015-5715
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5715
- https://security-tracker.debian.org/tracker/CVE-2015-5715
  CVE-2015-5715
- https://github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337ab
  XMLRPC: Don't allow private posts to be sticky. · WordPress/WordPress@9c57f3a · GitHub (Patch)
- http://www.debian.org/security/2015/dsa-3375
  Debian -- Security Information -- DSA-3375-1 wordpress
- http://www.securitytracker.com/id/1033979
  WordPress Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Bypass Publishing Permission Checks - SecurityTracker
- https://wpvulndb.com/vulnerabilities/8188
  WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue
- http://www.securityfocus.com/bid/76748
  WordPress CVE-2015-5715 Security Bypass Vulnerability
- https://wordpress.org/news/2015/09/wordpress-4-3-1/
  News – WordPress 4.3.1 Security and Maintenance Release – WordPress.org (Patch; Vendor Advisory)
- https://codex.wordpress.org/Version_4.3.1
  Version 4.3.1 | WordPress.org (Patch; Vendor Advisory)
- http://www.debian.org/security/2015/dsa-3383
  Debian -- Security Information -- DSA-3383-1 wordpress
Products affected by CVE-2015-5715
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*