WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-01-21T01:00:00Z

Updated: 2024-09-17T01:06:42.767Z

Reserved: 2014-01-20T00:00:00Z

Link: CVE-2010-5297

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-01-21T01:55:03.293

Modified: 2024-11-21T01:22:58.583

Link: CVE-2010-5297

cve-icon Redhat

No data.