Logic flaw in the Post creation process allows creating posts with arbitrary types without needing the corresponding nonce
High
WordPress
Team Summary
Official summary from WordPress
Simon discovered that authors could create posts of unauthorized post types with specially crafted input. This was fixed in [the 5.0.1 release](https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/), and Simon has published [more details on his blog](https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/).
Reported by
simonscannell
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Business Logic Errors