Versions of WordPress prior to 3.4.2 are susceptible to the following vulnerabilities :
- A flaw exists that is triggered when the ‘create_post’ function in the ‘wp-includes/class-wp-atom-server.php’ script fails to properly check for compatibility when creating new posts. This may allow a remote attacker to create a new post via the AtomPub feature. (CVE-2012-4421)
- A flaw exists that is triggered when the ‘wp-admin/plugins.php’ scripts fails to enforce network-administrator privileges before activating a plugin across a network. This may allow a remote authenticated attacker to make unintended changes to a plugin. (CVE-2012-4422)