Description
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
Related Vulnerabilities
WordPress Plugin Autocomplete Wizard Unspecified Vulnerability (2.0)
WordPress Plugin Calendar Event Multi View Multiple SQL Injection Vulnerabilities (1.1.7)
WordPress Plugin Global Content Blocks 'gcb_export.php' SQL Injection (1.2)
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (7.9.0)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000399)