CVE-2012-4422
- Source
- https://cve.org/CVERecord?id=CVE-2012-4422
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-4422.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2012-4422
- Downstream
- Published
- 2012-09-14T19:55:01Z
- Modified
- 2026-04-10T03:42:27.979852Z
- Summary
- [none]
- Details
-
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.
- References
-
- http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file42
- http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file42
- http://codex.wordpress.org/Version_3.4.2
- http://openwall.com/lists/oss-security/2012/09/13/4