Description
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.
Remediation
References
Related Vulnerabilities
WordPress Plugin Woocommerce Categories in gallery format Cross-Site Scripting (1.0.1)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2023-45364)
WordPress Plugin Yoast SEO Cross-Site Scripting (2.1.1)
Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-15882)