CVE-2010-4257

EPSS 3.3%

wordpress - SQL injection

Published: 12/7/2010Modified: 5/27/2026

Description

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

Affected packages (2)

Debian/wordpressfrom 0, < 3.0.2-1
Debian/wordpressfrom 0, < 2.5.1-11+lenny4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-4257