ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 3.4.1 - XSS and BYPASS

Product
WordPress
Description
Because of these vulnerabilities, authenticated users can perform cross-site scripting attacks by leveraging the Administrator or Editor role and composing crafted text and bypass intended access restrictions.
Solution
Update WordPress.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2012-3383
Versions
Affected In <= 3.4.1
Fixed In 3.4.2
Disclosure date
2012-06-14
Credits
Andrew Nacin