Description

wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.

Remediation

References

CVE-2010-5293

Related Vulnerabilities

WordPress Plugin WordPress Email Template Designer-WP HTML Mail Cross-Site Request Forgery (3.0.6)

Oracle JRE CVE-2013-2434 Vulnerability (CVE-2013-2434)

WordPress Plugin ALO EasyMail Newsletter Cross-Site Request Forgery (2.9.2)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.14)

WordPress Plugin Easy Pixels eCommerce extension Unspecified Vulnerability (1.4)

Severity

Medium

Classification

CVE-2010-5293 CWE-264

Tags

Missing Update Known Vulnerabilities