9 matches found
CVE-2026-7636
The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...
WordPress 3.4.x < 3.4.2 XSS / Access Restriction Bypass Vulnerability
WordPress is prone to a cross-site scripting XSS and access restriction bypass vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-late...
WordPress <=4.2.2 由竞争条件导致的权限提升
WordPress采用了一种功能丰富、易于扩展的角色和能力模型,其中每个用户都被指定一种角色,从权限最低的订阅者到有无限权力的超级管理员。我们知道,即使订阅者也是有权访问WordPress管理员控制面板的,该面板位于/admin目录。相对于管理员而言,订阅者可以使用的面板选项极为有限,因为会受到相应权限的限制。在默认情况下,订阅者只有“readpage”和“readpost”权限,可以读取文章和网页。...
CVE-2012-3383
The mapmetacap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfilteredhtml capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting X...
DEBIAN-CVE-2012-3383
The mapmetacap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfilteredhtml capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting X...
Cross site scripting
The mapmetacap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfilteredhtml capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting X...
CVE-2012-3383
The mapmetacap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfilteredhtml capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting X...
CVE-2012-3383
The mapmetacap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfilteredhtml capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting X...
CVE-2012-3383
The mapmetacap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfilteredhtml capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting X...