Lucene search
HistoryApr 21, 2012 - 11:55 p.m.
CVE-2012-2402
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
AI Score
5.9
Confidence
Low
EPSS
0.002
Percentile
52.2%
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.
Affected configurations
Node
wordpresswordpressRange≤3.3.1
ORwordpresswordpressMatch0.71
ORwordpresswordpressMatch1.0
ORwordpresswordpressMatch1.0.1
ORwordpresswordpressMatch1.0.2
ORwordpresswordpressMatch1.1.1
ORwordpresswordpressMatch1.2
ORwordpresswordpressMatch1.2.1
ORwordpresswordpressMatch1.2.2
ORwordpresswordpressMatch1.2.3
ORwordpresswordpressMatch1.2.4
ORwordpresswordpressMatch1.2.5
ORwordpresswordpressMatch1.2.5a
ORwordpresswordpressMatch1.3
ORwordpresswordpressMatch1.3.2
ORwordpresswordpressMatch1.3.3
ORwordpresswordpressMatch1.5
ORwordpresswordpressMatch1.5.1
ORwordpresswordpressMatch1.5.1.1
ORwordpresswordpressMatch1.5.1.2
ORwordpresswordpressMatch1.5.1.3
ORwordpresswordpressMatch1.5.2
ORwordpresswordpressMatch2.0
ORwordpresswordpressMatch2.0.1
ORwordpresswordpressMatch2.0.2
ORwordpresswordpressMatch2.0.4
ORwordpresswordpressMatch2.0.5
ORwordpresswordpressMatch2.0.6
ORwordpresswordpressMatch2.0.7
ORwordpresswordpressMatch2.0.8
ORwordpresswordpressMatch2.0.9
ORwordpresswordpressMatch2.0.10
ORwordpresswordpressMatch2.0.11
ORwordpresswordpressMatch2.1
ORwordpresswordpressMatch2.1.1
ORwordpresswordpressMatch2.1.2
ORwordpresswordpressMatch2.1.3
ORwordpresswordpressMatch2.2
ORwordpresswordpressMatch2.2.1
ORwordpresswordpressMatch2.2.2
ORwordpresswordpressMatch2.2.3
ORwordpresswordpressMatch2.3
ORwordpresswordpressMatch2.3.1
ORwordpresswordpressMatch2.3.2
ORwordpresswordpressMatch2.3.3
ORwordpresswordpressMatch2.5
ORwordpresswordpressMatch2.5.1
ORwordpresswordpressMatch2.6
ORwordpresswordpressMatch2.6.1
ORwordpresswordpressMatch2.6.2
ORwordpresswordpressMatch2.6.3
ORwordpresswordpressMatch2.6.5
ORwordpresswordpressMatch2.7
ORwordpresswordpressMatch2.7.1
ORwordpresswordpressMatch2.8
ORwordpresswordpressMatch2.8.1
ORwordpresswordpressMatch2.8.2
ORwordpresswordpressMatch2.8.3
ORwordpresswordpressMatch2.8.4
ORwordpresswordpressMatch2.8.4a
ORwordpresswordpressMatch2.8.5
ORwordpresswordpressMatch2.8.5.1
ORwordpresswordpressMatch2.8.5.2
ORwordpresswordpressMatch2.8.6
ORwordpresswordpressMatch2.9
ORwordpresswordpressMatch2.9.1
ORwordpresswordpressMatch2.9.1.1
ORwordpresswordpressMatch2.9.2
ORwordpresswordpressMatch3.0
ORwordpresswordpressMatch3.0.1
ORwordpresswordpressMatch3.0.2
ORwordpresswordpressMatch3.0.3
ORwordpresswordpressMatch3.0.4
ORwordpresswordpressMatch3.0.5
ORwordpresswordpressMatch3.0.6
ORwordpresswordpressMatch3.1
ORwordpresswordpressMatch3.1.1
ORwordpresswordpressMatch3.1.2
ORwordpresswordpressMatch3.1.3
ORwordpresswordpressMatch3.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress | wordpress | * | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.71 | cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0 | cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0.1 | cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0.2 | cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.1.1 | cpe:2.3:a:wordpress:wordpress:1.1.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2 | cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2.1 | cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2.2 | cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2.3 | cpe:2.3:a:wordpress:wordpress:1.2.3:*:*:*:*:*:*:* |
References
core.trac.wordpress.org/changeset/20526/branches/3.3/wp-admin/plugins.php
osvdb.org/81462
secunia.com/advisories/48957
secunia.com/advisories/49138
wordpress.org/news/2012/04/wordpress-3-3-2/
www.debian.org/security/2012/dsa-2470
www.securityfocus.com/bid/53192
exchange.xforce.ibmcloud.com/vulnerabilities/75090
exchange.xforce.ibmcloud.com/vulnerabilities/75207
Related
debiancve
debiancve
CVE-2012-2402
2012-04-21 23:55:01
cvelist
cvelist
CVE-2012-2402
2012-04-21 23:00:00
patchstack
patchstack
WordPress <= 3.3.1 - BYPASS
2012-04-21 00:00:00
cve
cve
CVE-2012-2402
2012-04-21 23:55:01
prion
prion
Design/Logic Flaw
2012-04-21 23:55:00
ubuntucve
ubuntucve
CVE-2012-2402
2012-04-21 00:00:00
openvas
openvas
FreeBSD Ports: wordpress
2012-04-30 00:00:00
FreeBSD Ports: wordpress
2012-04-30 00:00:00
Fedora Update for wordpress FEDORA-2012-6511
2012-05-14 00:00:00
freebsd
freebsd
wordpress -- multiple vulnerabilities
2012-04-20 00:00:00
nessus
nessus
FreeBSD : wordpress -- multiple vulnerabilities (b384cc5b-8d56-11e1-8d7b-003067b2972c)
2012-04-24 00:00:00
Fedora 16 : wordpress-3.3.2-2.fc16 (2012-6542)
2012-05-14 00:00:00
Fedora 15 : wordpress-3.3.2-2.fc15 (2012-6511)
2012-05-14 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: wordpress-3.3.2-2.fc15
2012-05-11 10:30:10
[SECURITY] Fedora 16 Update: wordpress-3.3.2-2.fc16
2012-05-11 10:27:22
[SECURITY] Fedora 17 Update: wordpress-3.3.2-2.fc17
2012-05-26 08:10:24
debian
debian
[SECURITY] [DSA 2670-1] wordpress security update
2012-05-11 20:41:14
osv
osv
wordpress - several
2012-05-11 00:00:00
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
AI Score
5.9
Confidence
Low
EPSS
0.002
Percentile
52.2%
Related for NVD:CVE-2012-2402