Description

wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.

Remediation

References

CVE-2012-4422

Related Vulnerabilities

WordPress Plugin My Calendar Multiple Vulnerabilities (2.3.29)

WordPress Plugin Rise Blocks-A Complete Gutenberg Page Builder Unspecified Vulnerability (1.0.0)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4305)

WordPress Plugin LiveChat-WP live chat Cross-Site Scripting (3.7.3)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0312)

Severity

Low

Classification

CVE-2012-4422 CWE-264

Tags

Missing Update Known Vulnerabilities