WordPress < 3.0.2 Multiple Vulnerabilities

Versions of WordPress prior to 3.0.2 are susceptible to the following vulnerabilities :

• A flaw exists that may allow an attacker to carry out an SQL injection attack. The issue is due to the ‘wp-includes/comment.php script’ not properly sanitizing user-supplied input to the ‘Send Trackbacks’ field. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (CVE-2010-4257)
• A flaw exists in the ‘wp-includes/comment.php’ script. The issue is due to the program failing to properly whitelist trackbacks and pingbacks in the blogroll. With a specially crafted URL, a remote attacker can bypass intended spam restrictions. (CVE-2010-5293)
• A flaw exists that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the ‘request_filesystem_credentials’ function in the ‘wp-admin/includes/file.php’ script does not validate input passed via an error message for a FTP or SSH connection attempt. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2010-5294)
• A flaw exists in ‘wp-admin/plugins.php’ that does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user’s browser. The code will originate from the site running the WordPress software and will run in the security context of that site. As a result, the code will be able to access the target user’s cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. (CVE-2010-5295)
• A flaw exists in the ‘wp-includes/capabilities.php’ script when a multisite configuration is used. The issue is triggered as the program doesn’t require Super Admin privileges for the ‘delete_users’ capability. This may allow a remote authenticated attacker to delete an action and bypass access restrictions. (CVE-2010-5296)