Description
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Analytics Counter Tracker PHP Object Injection (3.4.0)
OpenSSL Resource Management Errors Vulnerability (CVE-2012-1165)
WordPress Plugin Quotes and Tips by BestWebSoft Cross-Site Scripting (1.19)
WordPress Plugin oQey Gallery 'tbpv_domain' Parameter Cross-Site Scripting (0.2)