Description
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
Remediation
Related Vulnerabilities
WordPress Plugin WordPress Email Template Designer-WP HTML Mail Cross-Site Request Forgery (3.0.6)
Oracle JRE CVE-2013-2434 Vulnerability (CVE-2013-2434)
WordPress Plugin ALO EasyMail Newsletter Cross-Site Request Forgery (2.9.2)
WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.14)
WordPress Plugin Easy Pixels eCommerce extension Unspecified Vulnerability (1.4)