WordPress <= 3.4.1 - XSS and BYPASS

2012-06-1400:00:00

Andrew Nacin

patchstack.com

0.003 Low

EPSS

Percentile

70.8%

JSON

Because of these vulnerabilities, authenticated users can perform cross-site scripting attacks by leveraging the Administrator or Editor role and composing crafted text and bypass intended access restrictions.

Solution

           Update WordPress.

CPENameOperatorVersion
wordpressle3.4.1

CPE	Name	Operator	Version
	wordpress	le	3.4.1

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3383

0.003 Low

EPSS

Percentile

70.8%

JSON

Related for PATCHSTACK:D29ACE8F9E7925629C5A973C408B7FCE