CVE-2012-3383

Name of the Vulnerable Software and Affected Versions WordPress versions 3.4.0 through 3.4.1

Description The issue allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text. This occurs due to the map meta cap function not properly assigning the unfiltered html capability when the multisite feature is enabled.

Recommendations For WordPress versions 3.4.0 through 3.4.1, update to version 3.4.2 or later to resolve the issue.