Description
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.