CVE-2012-4422 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2012-4422

Deferred

More Info Official Page

Source-secalert@redhat.com

Published At-14 Sep, 2012 | 19:55

Updated At-11 Apr, 2025 | 00:51

wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N

CPE Matches

>>wordpress>>Versions up to 3.4.1(inclusive)

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

>>wordpress>>0.71

cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:*

>>wordpress>>1.0

cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:*

>>wordpress>>1.0.1

cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:*

>>wordpress>>1.0.2

cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:*

>>wordpress>>1.1.1

cpe:2.3:a:wordpress:wordpress:1.1.1:*:*:*:*:*:*:*

>>wordpress>>1.2

cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*

>>wordpress>>1.2.1

cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*

>>wordpress>>1.2.2

cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*

>>wordpress>>1.2.3

cpe:2.3:a:wordpress:wordpress:1.2.3:*:*:*:*:*:*:*

>>wordpress>>1.2.4

cpe:2.3:a:wordpress:wordpress:1.2.4:*:*:*:*:*:*:*

>>wordpress>>1.2.5

cpe:2.3:a:wordpress:wordpress:1.2.5:*:*:*:*:*:*:*

>>wordpress>>1.2.5

cpe:2.3:a:wordpress:wordpress:1.2.5:a:*:*:*:*:*:*

>>wordpress>>1.3

cpe:2.3:a:wordpress:wordpress:1.3:*:*:*:*:*:*:*

>>wordpress>>1.3.2

cpe:2.3:a:wordpress:wordpress:1.3.2:*:*:*:*:*:*:*

>>wordpress>>1.3.3

cpe:2.3:a:wordpress:wordpress:1.3.3:*:*:*:*:*:*:*

>>wordpress>>1.5

cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*

>>wordpress>>1.5.1

cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*

>>wordpress>>1.5.1.1

cpe:2.3:a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:*

>>wordpress>>1.5.1.2

cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*

>>wordpress>>1.5.1.3

cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*

>>wordpress>>1.5.2

cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*

>>wordpress>>2.0

cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*

>>wordpress>>2.0.1

cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*

>>wordpress>>2.0.2

cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*

>>wordpress>>2.0.4

cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*

>>wordpress>>2.0.5

cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*

>>wordpress>>2.0.6

cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*

>>wordpress>>2.0.7

cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*

>>wordpress>>2.0.8

cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:*

>>wordpress>>2.0.9

cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:*

>>wordpress>>2.0.10

cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*

>>wordpress>>2.0.11

cpe:2.3:a:wordpress:wordpress:2.0.11:*:*:*:*:*:*:*

>>wordpress>>2.1

cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*

>>wordpress>>2.1.1

cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*

>>wordpress>>2.1.2

cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*

>>wordpress>>2.1.3

cpe:2.3:a:wordpress:wordpress:2.1.3:*:*:*:*:*:*:*

>>wordpress>>2.2

cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*

>>wordpress>>2.2.1

cpe:2.3:a:wordpress:wordpress:2.2.1:*:*:*:*:*:*:*

>>wordpress>>2.2.2

cpe:2.3:a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*

>>wordpress>>2.2.3

cpe:2.3:a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:*

>>wordpress>>2.3

cpe:2.3:a:wordpress:wordpress:2.3:*:*:*:*:*:*:*

>>wordpress>>2.3.1

cpe:2.3:a:wordpress:wordpress:2.3.1:*:*:*:*:*:*:*

>>wordpress>>2.3.2

cpe:2.3:a:wordpress:wordpress:2.3.2:*:*:*:*:*:*:*

>>wordpress>>2.3.3

cpe:2.3:a:wordpress:wordpress:2.3.3:*:*:*:*:*:*:*

>>wordpress>>2.5

cpe:2.3:a:wordpress:wordpress:2.5:*:*:*:*:*:*:*

>>wordpress>>2.5.1

cpe:2.3:a:wordpress:wordpress:2.5.1:*:*:*:*:*:*:*

>>wordpress>>2.6

cpe:2.3:a:wordpress:wordpress:2.6:*:*:*:*:*:*:*

>>wordpress>>2.6.1

cpe:2.3:a:wordpress:wordpress:2.6.1:*:*:*:*:*:*:*

>>wordpress>>2.6.2

cpe:2.3:a:wordpress:wordpress:2.6.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://codex.wordpress.org/Version_3.4.2	secalert@redhat.com	N/A
http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file42	secalert@redhat.com	Exploit Patch
http://openwall.com/lists/oss-security/2012/09/13/4	secalert@redhat.com	N/A
http://codex.wordpress.org/Version_3.4.2	af854a3a-2127-422b-91ae-364da2661108	N/A
http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file42	af854a3a-2127-422b-91ae-364da2661108	Exploit Patch
http://openwall.com/lists/oss-security/2012/09/13/4	af854a3a-2127-422b-91ae-364da2661108	N/A