CVE-2012-4422

Wordpress < 3.4.1 - Access Control

Title source: rule

Description

wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.

References (3)

Scores

EPSS 0.0024
EPSS Percentile 47.0%

Classification

CWE
CWE-264
Status draft

Affected Products (50)

wordpress/wordpress < 3.4.1
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
... and 35 more

Timeline

Published Sep 14, 2012
Tracked Since Feb 18, 2026