CVE-2010-5293
WordPress < 3.0.2 - Spam Restriction Bypass via Trackback/Pingback URL
Title source: llmDescription
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
References (3)
Core 3
Core References
Exploit, Patch x_refsource_confirm
https://core.trac.wordpress.org/ticket/13887
Exploit, Patch x_refsource_confirm
https://core.trac.wordpress.org/changeset/16637
Patch, Vendor Advisory x_refsource_confirm
http://codex.wordpress.org/Version_3.0.2
Scores
EPSS
0.0039
EPSS Percentile
60.0%
Details
CWE
CWE-264
Status
published
Products (47)
wordpress/wordpress
2.0
wordpress/wordpress
2.0.1
wordpress/wordpress
2.0.2
wordpress/wordpress
2.0.4
wordpress/wordpress
2.0.5
wordpress/wordpress
2.0.6
wordpress/wordpress
2.0.7
wordpress/wordpress
2.0.8
wordpress/wordpress
2.0.9
wordpress/wordpress
2.0.10
... and 37 more
Published
Jan 21, 2014
Tracked Since
Feb 18, 2026