2.1

CVE-2010-5297

Exploit

WordPress Core < 3.0.1 - Missing Authorization

WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
Mögliche Gegenmaßnahme
WordPress: Update to version 3.0.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version <= 3.0
WordpressWordpress Version2.0
WordpressWordpress Version2.0.1
WordpressWordpress Version2.0.2
WordpressWordpress Version2.0.4
WordpressWordpress Version2.0.5
WordpressWordpress Version2.0.6
WordpressWordpress Version2.0.7
WordpressWordpress Version2.0.8
WordpressWordpress Version2.0.9
WordpressWordpress Version2.0.10
WordpressWordpress Version2.0.11
WordpressWordpress Version2.1
WordpressWordpress Version2.1.1
WordpressWordpress Version2.1.2
WordpressWordpress Version2.1.3
WordpressWordpress Version2.2
WordpressWordpress Version2.2.1
WordpressWordpress Version2.2.2
WordpressWordpress Version2.2.3
WordpressWordpress Version2.3
WordpressWordpress Version2.3.1
WordpressWordpress Version2.3.2
WordpressWordpress Version2.3.3
WordpressWordpress Version2.5
WordpressWordpress Version2.5.1
WordpressWordpress Version2.6
WordpressWordpress Version2.6.1
WordpressWordpress Version2.6.2
WordpressWordpress Version2.6.3
WordpressWordpress Version2.6.5
WordpressWordpress Version2.7
WordpressWordpress Version2.7.1
WordpressWordpress Version2.8
WordpressWordpress Version2.8.1
WordpressWordpress Version2.8.2
WordpressWordpress Version2.8.3
WordpressWordpress Version2.8.4
WordpressWordpress Version2.8.4 Updatea
WordpressWordpress Version2.8.5
WordpressWordpress Version2.8.5.1
WordpressWordpress Version2.8.5.2
WordpressWordpress Version2.8.6
WordpressWordpress Version2.9
WordpressWordpress Version2.9.1
WordpressWordpress Version2.9.1.1
WordpressWordpress Version2.9.2
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version [*, 3.0.1)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.21% 0.802
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:N/AC:H/Au:S/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://codex.wordpress.org/Changelog/3.0.1
http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed
https://core.trac.wordpress.org/changeset/15342
Patch
Exploit
https://core.trac.wordpress.org/ticket/14119
Patch
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/221872e2-7929-4fba-8a57-7d9fd73a76db
Third Party Advisory