Description

WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.

Remediation

References

CVE-2010-5297

Related Vulnerabilities

WordPress Plugin Easy Accordion-Best Accordion FAQ Cross-Site Scripting (2.0.21)

WordPress 4.1.x Directory Traversal (4.1 - 4.1.40)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4341)

Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-45452)

WordPress Plugin YITH WooCommerce Frequently Bought Together Security Bypass (1.2.10)

Severity

Low

Classification

CVE-2010-5297 CWE-264

Tags

Missing Update Known Vulnerabilities