Описание
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| lucid | ignored | end of life |
| precise | not-affected | |
| quantal | not-affected | |
| raring | not-affected | |
| saucy | not-affected | |
| upstream | released | 3.0.2 |
Показывать по
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
wp-includes/comment.php in WordPress before 3.0.2 does not properly wh ...
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
EPSS
5.8 Medium
CVSS2