Wordpress » Wordpress : Security Vulnerabilities Published In 2012 (Bypass)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2012-4421 |
264 |
|
Bypass |
2012-09-14 |
2012-09-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature. |
2 |
CVE-2012-3383 |
264 |
|
XSS Bypass |
2012-07-22 |
2012-09-17 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text. |
3 |
CVE-2012-2402 |
264 |
|
Bypass |
2012-04-21 |
2017-12-18 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors. |
4 |
CVE-2012-2401 |
264 |
|
Bypass |
2012-04-21 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content. |
5 |
CVE-2010-5106 |
264 |
|
Bypass |
2012-09-14 |
2012-09-17 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role. |
Total number of vulnerabilities :
5
Page :
1
(This Page)