Lucene search
HistoryJan 21, 2014 - 1:55 a.m.
CVE-2010-5297
CVSS2
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
AI Score
6.1
Confidence
Low
EPSS
0.002
Percentile
58.8%
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the “site administrators can add users” option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
Affected configurations
Node
wordpresswordpressRange≤3.0
ORwordpresswordpressMatch2.0
ORwordpresswordpressMatch2.0.1
ORwordpresswordpressMatch2.0.2
ORwordpresswordpressMatch2.0.4
ORwordpresswordpressMatch2.0.5
ORwordpresswordpressMatch2.0.6
ORwordpresswordpressMatch2.0.7
ORwordpresswordpressMatch2.0.8
ORwordpresswordpressMatch2.0.9
ORwordpresswordpressMatch2.0.10
ORwordpresswordpressMatch2.0.11
ORwordpresswordpressMatch2.1
ORwordpresswordpressMatch2.1.1
ORwordpresswordpressMatch2.1.2
ORwordpresswordpressMatch2.1.3
ORwordpresswordpressMatch2.2
ORwordpresswordpressMatch2.2.1
ORwordpresswordpressMatch2.2.2
ORwordpresswordpressMatch2.2.3
ORwordpresswordpressMatch2.3
ORwordpresswordpressMatch2.3.1
ORwordpresswordpressMatch2.3.2
ORwordpresswordpressMatch2.3.3
ORwordpresswordpressMatch2.5
ORwordpresswordpressMatch2.5.1
ORwordpresswordpressMatch2.6
ORwordpresswordpressMatch2.6.1
ORwordpresswordpressMatch2.6.2
ORwordpresswordpressMatch2.6.3
ORwordpresswordpressMatch2.6.5
ORwordpresswordpressMatch2.7
ORwordpresswordpressMatch2.7.1
ORwordpresswordpressMatch2.8
ORwordpresswordpressMatch2.8.1
ORwordpresswordpressMatch2.8.2
ORwordpresswordpressMatch2.8.3
ORwordpresswordpressMatch2.8.4
ORwordpresswordpressMatch2.8.4a
ORwordpresswordpressMatch2.8.5
ORwordpresswordpressMatch2.8.5.1
ORwordpresswordpressMatch2.8.5.2
ORwordpresswordpressMatch2.8.6
ORwordpresswordpressMatch2.9
ORwordpresswordpressMatch2.9.1
ORwordpresswordpressMatch2.9.1.1
ORwordpresswordpressMatch2.9.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress | wordpress | * | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0 | cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.1 | cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.2 | cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.4 | cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.5 | cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.6 | cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.7 | cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.8 | cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.9 | cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:* |
Related
wpvulndb
wpvulndb
WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass
2014-08-01 10:58:24
debiancve
debiancve
CVE-2010-5297
2014-01-21 01:55:03
patchstack
patchstack
WordPress <= 3.0.0
2014-01-20 00:00:00
openvas
openvas
WordPress < 3.0.1 Access Restriction Bypass Vulnerability
2022-12-08 00:00:00
cve
cve
CVE-2010-5297
2014-01-21 01:55:03
nessus
nessus
WordPress < 3.0.1 Security Bypass
2014-03-12 00:00:00
ubuntucve
ubuntucve
CVE-2010-5297
2014-01-21 00:00:00
prion
prion
Design/Logic Flaw
2014-01-21 01:55:00
cvelist
cvelist
CVE-2010-5297
2014-01-21 01:00:00
CVSS2
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
AI Score
6.1
Confidence
Low
EPSS
0.002
Percentile
58.8%
Related for NVD:CVE-2010-5297