5.5

CVE-2012-2402

WordPress Core < 3.3.2 - Authorization Bypass

wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.
Mögliche Gegenmaßnahme
WordPress: Update to version 3.3.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version <= 3.3.1
WordpressWordpress Version0.71
WordpressWordpress Version1.0
WordpressWordpress Version1.0.1
WordpressWordpress Version1.0.2
WordpressWordpress Version1.1.1
WordpressWordpress Version1.2
WordpressWordpress Version1.2.1
WordpressWordpress Version1.2.2
WordpressWordpress Version1.2.3
WordpressWordpress Version1.2.4
WordpressWordpress Version1.2.5
WordpressWordpress Version1.2.5 Updatea
WordpressWordpress Version1.3
WordpressWordpress Version1.3.2
WordpressWordpress Version1.3.3
WordpressWordpress Version1.5
WordpressWordpress Version1.5.1
WordpressWordpress Version1.5.1.1
WordpressWordpress Version1.5.1.2
WordpressWordpress Version1.5.1.3
WordpressWordpress Version1.5.2
WordpressWordpress Version2.0
WordpressWordpress Version2.0.1
WordpressWordpress Version2.0.2
WordpressWordpress Version2.0.4
WordpressWordpress Version2.0.5
WordpressWordpress Version2.0.6
WordpressWordpress Version2.0.7
WordpressWordpress Version2.0.8
WordpressWordpress Version2.0.9
WordpressWordpress Version2.0.10
WordpressWordpress Version2.0.11
WordpressWordpress Version2.1
WordpressWordpress Version2.1.1
WordpressWordpress Version2.1.2
WordpressWordpress Version2.1.3
WordpressWordpress Version2.2
WordpressWordpress Version2.2.1
WordpressWordpress Version2.2.2
WordpressWordpress Version2.2.3
WordpressWordpress Version2.3
WordpressWordpress Version2.3.1
WordpressWordpress Version2.3.2
WordpressWordpress Version2.3.3
WordpressWordpress Version2.5
WordpressWordpress Version2.5.1
WordpressWordpress Version2.6
WordpressWordpress Version2.6.1
WordpressWordpress Version2.6.2
WordpressWordpress Version2.6.3
WordpressWordpress Version2.6.5
WordpressWordpress Version2.7
WordpressWordpress Version2.7.1
WordpressWordpress Version2.8
WordpressWordpress Version2.8.1
WordpressWordpress Version2.8.2
WordpressWordpress Version2.8.3
WordpressWordpress Version2.8.4
WordpressWordpress Version2.8.4 Updatea
WordpressWordpress Version2.8.5
WordpressWordpress Version2.8.5.1
WordpressWordpress Version2.8.5.2
WordpressWordpress Version2.8.6
WordpressWordpress Version2.9
WordpressWordpress Version2.9.1
WordpressWordpress Version2.9.1.1
WordpressWordpress Version2.9.2
WordpressWordpress Version3.0
WordpressWordpress Version3.0.1
WordpressWordpress Version3.0.2
WordpressWordpress Version3.0.3
WordpressWordpress Version3.0.4
WordpressWordpress Version3.0.5
WordpressWordpress Version3.0.6
WordpressWordpress Version3.1
WordpressWordpress Version3.1.1
WordpressWordpress Version3.1.2
WordpressWordpress Version3.1.3
WordpressWordpress Version3.3
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version *-3.3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.61% 0.834
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/49138
http://www.debian.org/security/2012/dsa-2470
http://wordpress.org/news/2012/04/wordpress-3-3-2/
Patch
Vendor Advisory
http://www.securityfocus.com/bid/53192
http://core.trac.wordpress.org/changeset/20526/branches/3.3/wp-admin/plugins.php
http://osvdb.org/81462
http://secunia.com/advisories/48957
https://exchange.xforce.ibmcloud.com/vulnerabilities/75090
https://exchange.xforce.ibmcloud.com/vulnerabilities/75207
https://www.wordfence.com/threat-intel/vulnerabilities/id/f419b83c-9253-4ca6-a02a-7daad1819581
Third Party Advisory