wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-09-14 12:55
Updated : 2012-09-16 21:00
NVD link : CVE-2012-4422
Mitre link : CVE-2012-4422
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
wordpress
- wordpress