Lucene search
HistoryJan 21, 2014 - 1:55 a.m.
CVE-2010-5293
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
61.0%
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
Affected configurations
Node
wordpresswordpressRange≤3.0.1
ORwordpresswordpressMatch2.0
ORwordpresswordpressMatch2.0.1
ORwordpresswordpressMatch2.0.2
ORwordpresswordpressMatch2.0.4
ORwordpresswordpressMatch2.0.5
ORwordpresswordpressMatch2.0.6
ORwordpresswordpressMatch2.0.7
ORwordpresswordpressMatch2.0.8
ORwordpresswordpressMatch2.0.9
ORwordpresswordpressMatch2.0.10
ORwordpresswordpressMatch2.0.11
ORwordpresswordpressMatch2.1
ORwordpresswordpressMatch2.1.1
ORwordpresswordpressMatch2.1.2
ORwordpresswordpressMatch2.1.3
ORwordpresswordpressMatch2.2
ORwordpresswordpressMatch2.2.1
ORwordpresswordpressMatch2.2.2
ORwordpresswordpressMatch2.2.3
ORwordpresswordpressMatch2.3
ORwordpresswordpressMatch2.3.1
ORwordpresswordpressMatch2.3.2
ORwordpresswordpressMatch2.3.3
ORwordpresswordpressMatch2.5
ORwordpresswordpressMatch2.5.1
ORwordpresswordpressMatch2.6
ORwordpresswordpressMatch2.6.1
ORwordpresswordpressMatch2.6.2
ORwordpresswordpressMatch2.6.3
ORwordpresswordpressMatch2.6.5
ORwordpresswordpressMatch2.7
ORwordpresswordpressMatch2.7.1
ORwordpresswordpressMatch2.8
ORwordpresswordpressMatch2.8.1
ORwordpresswordpressMatch2.8.2
ORwordpresswordpressMatch2.8.3
ORwordpresswordpressMatch2.8.4
ORwordpresswordpressMatch2.8.4a
ORwordpresswordpressMatch2.8.5
ORwordpresswordpressMatch2.8.5.1
ORwordpresswordpressMatch2.8.5.2
ORwordpresswordpressMatch2.8.6
ORwordpresswordpressMatch2.9
ORwordpresswordpressMatch2.9.1
ORwordpresswordpressMatch2.9.1.1
ORwordpresswordpressMatch2.9.2
ORwordpresswordpressMatch3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress | wordpress | * | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0 | cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.1 | cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.2 | cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.4 | cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.5 | cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.6 | cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.7 | cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.8 | cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.9 | cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2010-5293
2014-01-21 00:00:00
cvelist
cvelist
CVE-2010-5293
2014-01-21 01:00:00
patchstack
patchstack
WordPress <= 3.0.1
2014-01-20 00:00:00
cve
cve
CVE-2010-5293
2014-01-21 01:55:03
prion
prion
Design/Logic Flaw
2014-01-21 01:55:00
debiancve
debiancve
CVE-2010-5293
2014-01-21 01:55:03
wpvulndb
wpvulndb
WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions
2014-08-01 10:58:24
openvas
openvas
WordPress < 3.0.2 Multiple Vulnerabilities
2022-12-08 00:00:00
nessus
nessus
WordPress < 3.0.2 Multiple Vulnerabilities
2016-02-26 00:00:00
WordPress < 3.0.2 Multiple Vulnerabilities
2011-02-03 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
61.0%
Related for NVD:CVE-2010-5293