CVE-2010-5293: WordPress vulnerability

CWE-264 | 4 documents | 4 sources
Severity: 5.8 MEDIUM (NVD)
EPSS: 0.4% (top 40.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 21
Latest update: May 17

Description

wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (3 packages)

debian: debian/wordpress < wordpress 3.0.2-1 (bookworm)
Debian: wordpress/wordpress < 3.0.2-1 (+3)
NVD: wordpress/wordpress 3.0.1 (+46)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-542p-6q49-2qfr: wp-includes/comment (2022-05-17)
OSV: CVE-2010-5293: wp-includes/comment (2014-01-21)

📋 Vendor Advisories (1)

Debian: CVE-2010-5293: wordpress - wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist tr... (2010)