Vulnerability Description
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Wordpress | <= 3.0 |
Related Weaknesses (CWE)
References
- http://codex.wordpress.org/Changelog/3.0.1
- http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priori
- https://core.trac.wordpress.org/changeset/15342ExploitPatch
- https://core.trac.wordpress.org/ticket/14119ExploitPatch
- http://codex.wordpress.org/Changelog/3.0.1
- http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priori
- https://core.trac.wordpress.org/changeset/15342ExploitPatch
- https://core.trac.wordpress.org/ticket/14119ExploitPatch
FAQ
What is CVE-2010-5297?
CVE-2010-5297 is a vulnerability with a CVSS score of 2.1 (LOW). WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to...
How severe is CVE-2010-5297?
CVE-2010-5297 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-5297?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.