CVE-2012-4422 Information

Description

wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.

Reference

http://codex.wordpress.org/Version_3.4.2
http://core.trac.wordpress.org/changeset?old_path=2Ftags2F3.4.1&old=21780&new_path=2Ftags2F3.4.2&new=21780file42
http://openwall.com/lists/oss-security/2012/09/13/4