CVE-2010-5297

N/A Unknown
Published: January 21, 2014 Modified: April 29, 2026
View on NVD

Description

WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://codex.wordpress.org/Changelog/3.0.1
Source: cve@mitre.org
http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed
Source: cve@mitre.org
https://core.trac.wordpress.org/changeset/15342
Source: cve@mitre.org
Exploit Patch
https://core.trac.wordpress.org/ticket/14119
Source: cve@mitre.org
Exploit Patch
http://codex.wordpress.org/Changelog/3.0.1
Source: af854a3a-2127-422b-91ae-364da2661108
http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed
Source: af854a3a-2127-422b-91ae-364da2661108
https://core.trac.wordpress.org/changeset/15342
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch
https://core.trac.wordpress.org/ticket/14119
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.2%
46th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

wordpress

Related CVEs

CVE-2026-41971 5.5
CVE-2026-41970 6.8
CVE-2026-41969 6.2
CVE-2026-41968 5.9
CVE-2026-41967 5.9