ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 3.0.1

Product
WordPress
Description
wp-includes/comment.php does not properly whitelist trackbacks and pingbacks in the blogroll. In that way the attackers can bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
Solution
Update WordPress.
Classification
Type Unknown
References
CVE Mitre
CVE
Name CVE-2010-5293
Versions
Affected In <= 3.0.1
Fixed In 3.0.2
Disclosure date
2014-01-20
Credits
avereha