3448 matches found
CVE-2010-5297
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a...
CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the deleteusers capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...
CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the deleteusers capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...
CVE-2010-5296
CVE-2010-5296 affects WordPress core prior to 3.0.2 in Multisite deployments. The issue is in wp-includes/capabilities.php where the delete_users capability can be exercised without requiring the Super Admin role, allowing remote authenticated administrators to bypass intended access restrictions...
CVE-2010-5297
The entry describes WordPress before 3.0.1 (Multisite) where the option “site administrators can add users”, once changed, is permanently retained and cannot be turned off. This may allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via...
CVE-2010-5297
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a...
CVE-2012-1656
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field...
Sql injection
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field...
CVE-2012-1656
The CVE-2012-1656 issue affects the Drupal Multisite Search module (6.x-2.2). The module does not sufficiently escape user input when constructing queries, enabling SQL injection via the Site table prefix field by remote authenticated users with certain permissions. Affected: Multisite Search mod...
CVE-2012-1656
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field...
CVE-2012-4422
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveragi...
DEBIAN-CVE-2012-4422
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveragi...
CVE-2012-4422
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveragi...
CVE-2012-4422
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveragi...
CVE-2012-4422
CVE-2012-4422 affects WordPress prior to 3.4.2 with multisite enabled. The vulnerability arises when network-wide activation of plugins is performed without verifying network-administrator privileges, potentially allowing remote authenticated users to make unintended plugin changes by abusing the...
WordPress < 3.4.2 Multiple Vulnerabilities
According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by an unspecified bug that affects multisite installs with untrusted users. - The application is affected by an unspecified vulnerability...
FreeBSD : wordpress -- multiple unspecified privilege escalation bugs (30149157-f926-11e1-95cd-001fd0af1a4c)
Wordpress reports : Version 3.4.2 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential privilege escalation and a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security tea...
wordpress -- multiple unspecified privilege escalation bugs
Wordpress reports: Version 3.4.2 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential privilege escalation and a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team...
DEBIAN-CVE-2012-3383
The mapmetacap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfilteredhtml capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting X...
Cross site scripting
The mapmetacap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfilteredhtml capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting X...