Multiple vulnerabilities in WordPress
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2012-4421 CVE-2012-4422 CVE-2012-3383 |
| CWE-ID | CWE-264 CWE-79 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
WordPress Web applications / CMS |
| Vendor | WordPress.ORG |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU43515
Risk: Low
CVSSv3.1: 1.3 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-4421
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to manipulate data.
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.
MitigationInstall update from vendor's website.
Vulnerable software versionsWordPress: 0.71 - 3.4.0
External linkshttp://codex.wordpress.org/Version_3.4.2
http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file2
http://openwall.com/lists/oss-security/2012/09/13/4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU43516
Risk: Low
CVSSv3.1: 1.3 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-4422
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to manipulate data.
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.
MitigationInstall update from vendor's website.
Vulnerable software versionsWordPress: 0.71 - 3.4.0
External linkshttp://codex.wordpress.org/Version_3.4.2
http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file42
http://openwall.com/lists/oss-security/2012/09/13/4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cross-site scripting
EUVDB-ID: #VU43798
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2012-3383
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsWordPress: 3.4.0
External linkshttp://codex.wordpress.org/Version_3.4.1
http://codex.wordpress.org/Version_3.4.2
http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file23
http://core.trac.wordpress.org/changeset?reponame=&new=21153%40branches%2F3.4&old=21076%40trunk#file16
http://openwall.com/lists/oss-security/2012/09/12/17
http://www.openwall.com/lists/oss-security/2012/07/02/1
http://www.openwall.com/lists/oss-security/2012/07/08/1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
