| Max CVSS | 6.8 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-3383 | 2.6 |
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended acce
|
18-09-2012 - 03:35 | 22-07-2012 - 17:55 | |
| CVE-2012-3384 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
09-08-2012 - 04:00 | 22-07-2012 - 17:55 | |
| CVE-2012-3385 | 5.0 |
WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.
|
23-07-2012 - 19:03 | 22-07-2012 - 17:55 |