Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-5296

Опубликовано: 21 янв. 2014
Источник: nvd
CVSS2: 4.9
EPSS Низкий

Описание

wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Версия до 3.0.1 (включая)
cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.6:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.7:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.4:a:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.5.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.9:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.9.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 60%
0.00404
Низкий

4.9 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2010-5296

ubuntu
почти 12 лет назад

wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.

debian логотип

CVE-2010-5296

debian
почти 12 лет назад

wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisi ...

github логотип

GHSA-w56v-4m7h-jhq8

github
больше 3 лет назад

wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.

EPSS

Процентиль: 60%
0.00404
Низкий

4.9 Medium

CVSS2

Дефекты

CWE-264