Description
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
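The substring-match weakness described above, shown beside a stricter comparison; this is an added example, not WordPress's own code. It assumes the check looks for the sender's host inside stored blogroll URLs, and the function names, blogroll entries and sender URLs are all hypothetical and constructed.

```php
<?php
// Added illustration; not WordPress code. Names and sample data are hypothetical.

// Constructed blogroll entry (a site whose pingbacks should skip moderation).
$blogroll = ['http://blog.example.net/'];

// Weak form: the sender is trusted when its host appears anywhere inside
// a blogroll URL, so a host that is only a fragment of an entry passes.
function in_blogroll_substring(string $senderUrl, array $blogroll): bool {
    $host = parse_url($senderUrl, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false; // unparseable URL or no host: never trusted
    }
    foreach ($blogroll as $link) {
        if (stripos($link, $host) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened form: parse both URLs and require the full hostnames to be equal
// (case-insensitive, ignoring a trailing dot).
function in_blogroll_exact(string $senderUrl, array $blogroll): bool {
    $host = parse_url($senderUrl, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;
    }
    $host = strtolower(rtrim($host, '.'));
    foreach ($blogroll as $link) {
        $linkHost = parse_url($link, PHP_URL_HOST);
        if (is_string($linkHost) && strtolower(rtrim($linkHost, '.')) === $host) {
            return true;
        }
    }
    return false;
}

// Constructed senders: the blogroll site itself, then a host that is only
// a fragment of the blogroll entry.
foreach (['http://blog.example.net/post/1', 'http://log.example.net/page'] as $sender) {
    printf("%-32s substring=%s exact=%s\n", $sender,
        var_export(in_blogroll_substring($sender, $blogroll), true),
        var_export(in_blogroll_exact($sender, $blogroll), true));
}
```

The second sender is accepted by the substring check and rejected by the exact host comparison.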
Remediation
References
Related Vulnerabilities
WordPress Plugin Image Slider by Ays-Responsive Slider and Carousel SQL Injection (2.4.9)
WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Security Bypass (2.0.15)
WordPress Plugin Simple Ads Manager Multiple Vulnerabilities (2.6.96)
WordPress Plugin YouSayToo auto-publishing 'submit' Parameter Cross-Site Scripting (1.0.1)
WordPress Plugin WP Better Permalinks Cross-Site Request Forgery (3.0.4)