CVE-2010-4257
WordPress < 3.0.1 - Authenticated SQL Injection via Send Trackbacks Field
Title source: llmDescription
SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.
References (20)
Core 20
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42844
Patch, Vendor Advisory x_refsource_confirm
http://wordpress.org/news/2010/11/wordpress-3-0-2/
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-2138
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42753
Broken Link x_refsource_misc
http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052892.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42871
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3337
Issue Tracking, Mailing List, Third Party Advisory x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603
Vendor Advisory x_refsource_confirm
http://core.trac.wordpress.org/changeset/16625
Not Applicable x_refsource_misc
http://www.xakep.ru/magazine/xa/124/052/1.asp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45131
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=659265
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052879.html
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42431
Vendor Advisory x_refsource_confirm
http://codex.wordpress.org/Version_3.0.2
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0042
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0057
Scores
EPSS
0.0330
EPSS Percentile
87.4%
Details
CWE
CWE-89
Status
published
Products (1)
wordpress/wordpress
< 3.0.1
Published
Dec 07, 2010
Tracked Since
Feb 18, 2026