2 matches found
CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the deleteusers capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...
CVE-2010-5296
CVE-2010-5296 affects WordPress core prior to 3.0.2 in Multisite deployments. The issue is in wp-includes/capabilities.php where the delete_users capability can be exercised without requiring the Super Admin role, allowing remote authenticated administrators to bypass intended access restrictions...