VDB
CVE-2015-5715
CVE-2015-5715
REJECTED
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.
EPSS 28.52% · 96.6th percentile
Risk Scores
EPSS Score
28.52%
96.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | wordpress | 0, * |
Exploit Intelligence
- 76748 (circl)
- https://security-tracker.debian.org/tracker/CVE-2015-5715 (circl)
- https://codex.wordpress.org/Version_4.3.1 (circl)
- DSA-3375 (circl)
- https://wordpress.org/news/2015/09/wordpress-4-3-1/ (circl)
- https://github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337ab (circl)
- https://wpvulndb.com/vulnerabilities/8188 (circl)
- 1033979 (circl)
- DSA-3383 (circl)
Timeline
- May 22, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 12, 2025 CVE Updated
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
- Jun 19, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-5715 third-party-advisory
- https://wordpress.org/news/2015/09/wordpress-4-3-1/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-5715 third-party-advisory