Bypassing Spam Restrictions in WordPress Blogroll via Crafted URL
CVE-2010-5293 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:N
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
Learn more about our Wordpress Pen Testing.