PT-2012-5391 · WordPress · Wordpress

Published: 2012-09-14 · Updated: 2012-09-17 · CVE-2012-4421

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

WordPress versions prior to 3.4.2

Description

The issue concerns the create post function in WordPress, which fails to perform a capability check. This allows remote authenticated users with the Contributor role to bypass access restrictions and publish new posts using the Atom Publishing Protocol feature.

Recommendations

For versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting the Contributor role's access to the Atom Publishing Protocol feature until the update is applied.


Weakness Enumeration

Related Identifiers

CVE-2012-4421

Affected Products

Wordpress