The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wordpress | Wordpress | 3.4.0 (including) | 3.4.0 (including) |
| Wordpress | Ubuntu | hardy | * |
| Wordpress | Ubuntu | lucid | * |
| Wordpress | Ubuntu | natty | * |
| Wordpress | Ubuntu | oneiric | * |
| Wordpress | Ubuntu | precise | * |
| Wordpress | Ubuntu | upstream | * |
References
- http://codex.wordpress.org/Version_3.4.1
- http://codex.wordpress.org/Version_3.4.2
- http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1\u0026old=21780\u0026new_path=%2Ftags%2F3.4.2\u0026new=21780#file23
- http://core.trac.wordpress.org/changeset?reponame=\u0026new=21153%40branches%2F3.4\u0026old=21076%40trunk#file16
- http://openwall.com/lists/oss-security/2012/09/12/17
- http://www.openwall.com/lists/oss-security/2012/07/02/1
- http://www.openwall.com/lists/oss-security/2012/07/08/1
- http://codex.wordpress.org/Version_3.4.1
- http://codex.wordpress.org/Version_3.4.2
- http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1\u0026old=21780\u0026new_path=%2Ftags%2F3.4.2\u0026new=21780#file23
- http://core.trac.wordpress.org/changeset?reponame=\u0026new=21153%40branches%2F3.4\u0026old=21076%40trunk#file16
- http://openwall.com/lists/oss-security/2012/09/12/17
- http://www.openwall.com/lists/oss-security/2012/07/02/1
- http://www.openwall.com/lists/oss-security/2012/07/08/1