FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- SQL injection vulnerability

Affected packages
wordpress < 3.0.2,1
de-wordpress < 3.0.2
zh-wordpress-zh_CN < 3.0.2
zh-wordpress-zh_TW < 3.0.2

Details

VuXML ID 8c93e997-30e0-11e0-b300-485d605f4717
Discovery 2010-11-16
Entry 2011-02-05
Modified 2011-02-09

Vendor reports:

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

References

CVE Name CVE-2010-4257
URL http://www.cvedetails.com/cve/CVE-2010-4257/