Back to search
CVE-2010-5293
Published: Jan 21, 2014
Modified: Sep 16, 2024
PUBLISHED
Description
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://core.trac.wordpress.org/ticket/13887
x_refsource_CONFIRM
https://core.trac.wordpress.org/changeset/16637
x_refsource_CONFIRM
http://codex.wordpress.org/Version_3.0.2
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now