Bypassing Spam Restrictions in WordPress Blogroll via Crafted URL

Bypassing Spam Restrictions in WordPress Blogroll via Crafted URL

CVE-2010-5293 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.

Learn more about our Wordpress Pen Testing.