Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2012-3383
Good to know:
Date: July 22, 2012
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.
Language: PHP
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Permissions, Privileges, and Access Control
CWE-264Top Fix
Upgrade Version
Upgrade to version radialfunction/unicourt-blog - 3.4.2;inpsyde/wordpress-dev - 3.4.2;inpsyde/wordpress-dev - 3.4.x-dev;kanopi/wordpress-core - 3.4.2;openify/wordpress-composer - 3.4.2;vocativ/wordpress - 3.4.x-dev;vocativ/wordpress - 3.4.2;dotcra/wprdpress - 3.4.2;medreleaf/wordpress - 3.4.x-dev;medreleaf/wordpress - 3.4.2;cyruscollier/wordpress-develop - 3.4.2;wplib/wordpress - 3.4.2;mindgruve/wordpress - 3.4.2;humanit-se/wordpress-sv - v3.4.2;jesseberkhof/wordpress-fork - 3.4.2
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | LOW |
| Availability (A): | NONE |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | HIGH |
| Authentication (AU): | NONE |
| Confidentiality (C): | NONE |
| Integrity (I): | PARTIAL |
| Availability (A): | NONE |
| Additional information: |