CVE-2010-5297

WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.6:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.7:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.4:a:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.5.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.9:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.9.2:*:*:*:*:*:*:*

History

21 Nov 2024, 01:22

Type Values Removed Values Added
References () http://codex.wordpress.org/Changelog/3.0.1 - () http://codex.wordpress.org/Changelog/3.0.1 -
References () http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed - () http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed -
References () https://core.trac.wordpress.org/changeset/15342 - Exploit, Patch () https://core.trac.wordpress.org/changeset/15342 - Exploit, Patch
References () https://core.trac.wordpress.org/ticket/14119 - Exploit, Patch () https://core.trac.wordpress.org/ticket/14119 - Exploit, Patch

Information

Published : 2014-01-21 01:55

Updated : 2025-04-11 00:51


NVD link : CVE-2010-5297

Mitre link : CVE-2010-5297

CVE.ORG link : CVE-2010-5297


JSON object : View

Products Affected

wordpress

  • wordpress
CWE
CWE-264

Permissions, Privileges, and Access Controls