CVE-2010-5297 — Wordpress vulnerability

CWE-2644 documents4 sources

Severity

2.1LOWNVD

EPSS

0.2%

top 54.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedJan 21

Latest updateMay 17

Description

WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.0.1-1 (bookworm)

▶Debianwordpress/wordpress< 3.0.1-1+3

▶NVDwordpress/wordpress3.0+45

Patches

Patch: core.trac.wordpress.org ↗Patch: core.trac.wordpress.org ↗Patch: core.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-8cg5-rjxh-5v62: WordPress before 3↗2022-05-17

▶

OSV

CVE-2010-5297: WordPress before 3↗2014-01-21

▶

📋Vendor Advisories

Debian

CVE-2010-5297: wordpress - WordPress before 3.0.1, when a Multisite installation is used, permanently retai...↗2010

▶