ThreatPress

WordPress Vulnerabilities Database

WordPress <= 3.0.0

Product
WordPress
Description
A WordPress multi-site installation permanently retains the "site administrators can add users" option once it has been changed, which might allow authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an "add" action after a temporary change.
Solution
Update WordPress.
Classification
Type BYPASS
References
CVE Mitre
CVE
Name CVE-2010-5297
Versions
Affected In <= 3.0.0
Fixed In 3.0.1
Disclosure date
2014-01-20
Credits
nacin