Lucene search

[email protected]CVE-2010-5296

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-5296

2022-10-0316:21:02

CWE-264

[email protected]

web.nvd.nist.gov

cve-2010-5296

wordpress

multisite

remote authentication

access restrictions

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.3%

JSON

wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.

Affected configurations

NVD

Node

wordpresswordpressRange≤3.0.1

wordpresswordpressMatch2.0

wordpresswordpressMatch2.0.1

wordpresswordpressMatch2.0.2

wordpresswordpressMatch2.0.4

wordpresswordpressMatch2.0.5

wordpresswordpressMatch2.0.6

wordpresswordpressMatch2.0.7

wordpresswordpressMatch2.0.8

wordpresswordpressMatch2.0.9

wordpresswordpressMatch2.0.10

wordpresswordpressMatch2.0.11

wordpresswordpressMatch2.1

wordpresswordpressMatch2.1.1

wordpresswordpressMatch2.1.2

wordpresswordpressMatch2.1.3

wordpresswordpressMatch2.2

wordpresswordpressMatch2.2.1

wordpresswordpressMatch2.2.2

wordpresswordpressMatch2.2.3

wordpresswordpressMatch2.3

wordpresswordpressMatch2.3.1

wordpresswordpressMatch2.3.2

wordpresswordpressMatch2.3.3

wordpresswordpressMatch2.5

wordpresswordpressMatch2.5.1

wordpresswordpressMatch2.6

wordpresswordpressMatch2.6.1

wordpresswordpressMatch2.6.2

wordpresswordpressMatch2.6.3

wordpresswordpressMatch2.6.5

wordpresswordpressMatch2.7

wordpresswordpressMatch2.7.1

wordpresswordpressMatch2.8

wordpresswordpressMatch2.8.1

wordpresswordpressMatch2.8.2

wordpresswordpressMatch2.8.3

wordpresswordpressMatch2.8.4

wordpresswordpressMatch2.8.4a

wordpresswordpressMatch2.8.5

wordpresswordpressMatch2.8.5.1

wordpresswordpressMatch2.8.5.2

wordpresswordpressMatch2.8.6

wordpresswordpressMatch2.9

wordpresswordpressMatch2.9.1

wordpresswordpressMatch2.9.1.1

wordpresswordpressMatch2.9.2

wordpresswordpressMatch3.0

CPENameOperatorVersion
wordpress:wordpresswordpressle3.0.1
wordpress:wordpresswordpresseq2.0
wordpress:wordpresswordpresseq2.0.1
wordpress:wordpresswordpresseq2.0.2
wordpress:wordpresswordpresseq2.0.4
wordpress:wordpresswordpresseq2.0.5
wordpress:wordpresswordpresseq2.0.6
wordpress:wordpresswordpresseq2.0.7
wordpress:wordpresswordpresseq2.0.8
wordpress:wordpresswordpresseq2.0.9

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	le	3.0.1
wordpress:wordpress	wordpress	eq	2.0
wordpress:wordpress	wordpress	eq	2.0.1
wordpress:wordpress	wordpress	eq	2.0.2
wordpress:wordpress	wordpress	eq	2.0.4
wordpress:wordpress	wordpress	eq	2.0.5
wordpress:wordpress	wordpress	eq	2.0.6
wordpress:wordpress	wordpress	eq	2.0.7
wordpress:wordpress	wordpress	eq	2.0.8
wordpress:wordpress	wordpress	eq	2.0.9