Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress 跨站脚本漏洞
Vulnerability Description
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 3.4.0版本中存在漏洞,该漏洞源于多个站点打开时未正确限制unfiltered_html的访问。远程管理员或编辑者可利用该漏洞执行跨站脚本(XSS)攻击。
CVSS Information
N/A
Vulnerability Type
N/A