CVE-2012-3383 in WordPressinfo

Summary

The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

06/14/2012

Disclosure

07/22/2012

Moderation

VulDB entry created

Entries

VDB-61385 (1)

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

4.3

EPSS

0.00154

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-3383
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-3383
CVE Details	https://www.cvedetails.com/cve/CVE-2012-3383/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!