WordPress 3.4.x < 3.4.2 XSS / Access Restriction Bypass Vulnerability

WordPress is prone to a cross-site scripting XSS and access restriction bypass vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-late...

Cross site scripting

The mapmetacap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfilteredhtml capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting X...