CVE-2010-5297
WordPress Core < 3.0.1 - Missing Authorization
- Severity Score: 4.7 (CVSS v3.1)
- Public Exploits: 2 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
Credits: N/A
Timeline
- 2010-07-29 CVE Published
- 2014-01-20 CVE Reserved
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- 2024-09-17 First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-862: Missing Authorization
References (4)
URL | Tag | Source |
---|---|---|
http://codex.wordpress.org/Changelog/3.0.1 | X_refsource_confirm | |
http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
https://core.trac.wordpress.org/changeset/15342 | 2024-09-17 | |
https://core.trac.wordpress.org/ticket/14119 | 2024-09-17 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wordpress | Wordpress | <= 3.0 | - | Affected |
Wordpress | Wordpress | 2.0 | - | Affected |
Wordpress | Wordpress | 2.0.1 | - | Affected |
Wordpress | Wordpress | 2.0.2 | - | Affected |
Wordpress | Wordpress | 2.0.4 | - | Affected |
Wordpress | Wordpress | 2.0.5 | - | Affected |
Wordpress | Wordpress | 2.0.6 | - | Affected |
Wordpress | Wordpress | 2.0.7 | - | Affected |
Wordpress | Wordpress | 2.0.8 | - | Affected |
Wordpress | Wordpress | 2.0.9 | - | Affected |
Wordpress | Wordpress | 2.0.10 | - | Affected |
Wordpress | Wordpress | 2.0.11 | - | Affected |
Wordpress | Wordpress | 2.1 | - | Affected |
Wordpress | Wordpress | 2.1.1 | - | Affected |
Wordpress | Wordpress | 2.1.2 | - | Affected |
Wordpress | Wordpress | 2.1.3 | - | Affected |
Wordpress | Wordpress | 2.2 | - | Affected |
Wordpress | Wordpress | 2.2.1 | - | Affected |
Wordpress | Wordpress | 2.2.2 | - | Affected |
Wordpress | Wordpress | 2.2.3 | - | Affected |
Wordpress | Wordpress | 2.3 | - | Affected |
Wordpress | Wordpress | 2.3.1 | - | Affected |
Wordpress | Wordpress | 2.3.2 | - | Affected |
Wordpress | Wordpress | 2.3.3 | - | Affected |
Wordpress | Wordpress | 2.5 | - | Affected |
Wordpress | Wordpress | 2.5.1 | - | Affected |
Wordpress | Wordpress | 2.6 | - | Affected |
Wordpress | Wordpress | 2.6.1 | - | Affected |
Wordpress | Wordpress | 2.6.2 | - | Affected |
Wordpress | Wordpress | 2.6.3 | - | Affected |
Wordpress | Wordpress | 2.6.5 | - | Affected |
Wordpress | Wordpress | 2.7 | - | Affected |
Wordpress | Wordpress | 2.7.1 | - | Affected |
Wordpress | Wordpress | 2.8 | - | Affected |
Wordpress | Wordpress | 2.8.1 | - | Affected |
Wordpress | Wordpress | 2.8.2 | - | Affected |
Wordpress | Wordpress | 2.8.3 | - | Affected |
Wordpress | Wordpress | 2.8.4 | - | Affected |
Wordpress | Wordpress | 2.8.4 | a | Affected |
Wordpress | Wordpress | 2.8.5 | - | Affected |
Wordpress | Wordpress | 2.8.5.1 | - | Affected |
Wordpress | Wordpress | 2.8.5.2 | - | Affected |
Wordpress | Wordpress | 2.8.6 | - | Affected |
Wordpress | Wordpress | 2.9 | - | Affected |
Wordpress | Wordpress | 2.9.1 | - | Affected |
Wordpress | Wordpress | 2.9.1.1 | - | Affected |
Wordpress | Wordpress | 2.9.2 | - | Affected |