CVE-2012-4422

2012-09-14T15:55:01
ID CVE-2012-4422
Type cve
Reporter NVD
Modified 2012-09-17T00:00:00

Description

wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.