CVE-2012-3383

2012-07-2200:00:00

ubuntu.com

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.8%

JSON

The map_meta_cap function in wp-includes/capabilities.php in WordPress
3.4.x before 3.4.2, when the multisite feature is enabled, does not
properly assign the unfiltered_html capability, which allows remote
authenticated users to bypass intended access restrictions and conduct
cross-site scripting (XSS) attacks by leveraging the Administrator or
Editor role and composing crafted text.