PT-2012-4677 · WordPress · Wordpress
Kurt Seifried
·
Published
2012-07-22
·
Updated
2012-09-18
·
CVE-2012-3383
CVSS v2.0
2.6
Low
| Vector | AV:N/AC:H/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
WordPress versions 3.4.0 through 3.4.1
Description
The issue allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text. This occurs due to the map meta cap function not properly assigning the unfiltered html capability when the multisite feature is enabled.
Recommendations
For WordPress versions 3.4.0 through 3.4.1, update to version 3.4.2 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wordpress