| Max CVSS | 6.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2010-4257 | 6.0 |
SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.
|
21-11-2017 - 18:09 | 07-12-2010 - 13:53 | |
| CVE-2010-5296 | 4.9 |
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrict
|
21-01-2014 - 17:20 | 21-01-2014 - 01:55 | |
| CVE-2010-5295 | 4.3 |
Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.
|
21-01-2014 - 17:19 | 21-01-2014 - 01:55 | |
| CVE-2010-5294 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error messag
|
21-01-2014 - 17:18 | 21-01-2014 - 01:55 | |
| CVE-2010-5293 | 5.8 |
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a sub
|
21-01-2014 - 17:16 | 21-01-2014 - 01:55 |