diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index 3b218068..9c972e39 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -474,6 +474,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.3.1">
@@ -512,6 +536,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.3">
@@ -543,6 +591,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.2.1">
@@ -567,6 +639,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.2">
@@ -591,6 +687,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.1.4">
@@ -615,6 +735,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.1.3">
@@ -649,6 +793,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.1.2">
@@ -681,6 +849,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.1.1">
@@ -712,6 +904,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.1">
@@ -736,6 +952,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.6">
@@ -760,6 +1000,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.5">
@@ -784,6 +1048,38 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-admin/press-this.php - Privilege Escalation</title>
+      <references>
+        <cve>2011-5270</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.4">
@@ -808,6 +1104,38 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-admin/press-this.php - Privilege Escalation</title>
+      <references>
+        <cve>2011-5270</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.3">
@@ -846,6 +1174,38 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-admin/press-this.php - Privilege Escalation</title>
+      <references>
+        <cve>2011-5270</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.2">
@@ -877,6 +1237,38 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-admin/press-this.php - Privilege Escalation</title>
+      <references>
+        <cve>2011-5270</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.1">
@@ -908,6 +1300,70 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-admin/press-this.php - Privilege Escalation</title>
+      <references>
+        <cve>2011-5270</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0">
@@ -932,6 +1388,78 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-admin/press-this.php - Privilege Escalation</title>
+      <references>
+        <cve>2011-5270</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.9.2">
@@ -956,6 +1484,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.9.1">
@@ -980,6 +1548,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.9">
@@ -1018,6 +1626,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.6">
@@ -1042,6 +1690,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.5">
@@ -1073,6 +1761,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.4">
@@ -1097,6 +1825,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.3">
@@ -1128,6 +1896,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.2">
@@ -1152,6 +1960,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.1">
@@ -1183,6 +2031,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8">
@@ -1207,6 +2095,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.7.1">
@@ -1238,6 +2166,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.7">
@@ -1269,6 +2237,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.5">
@@ -1300,6 +2308,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.4">
@@ -1324,6 +2372,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.3">
@@ -1348,6 +2436,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.2">
@@ -1379,6 +2507,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.1">
@@ -1417,6 +2585,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.6">
@@ -1441,6 +2649,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.5.1">
@@ -1472,6 +2720,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.5">
@@ -1504,6 +2792,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.3.3">
@@ -1528,6 +2856,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.3.2">
@@ -1552,6 +2920,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.3.1">
@@ -1583,6 +2991,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.3">
@@ -1600,6 +3048,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.2.3">
@@ -1624,6 +3112,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.2.2">
@@ -1648,6 +3176,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.2.1">
@@ -1672,6 +3240,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.2">
@@ -1710,6 +3318,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.1.3">
@@ -1741,6 +3389,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.1.2">
@@ -1780,6 +3468,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.1.1">
@@ -1815,6 +3543,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.1">
@@ -1832,6 +3600,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.11">
@@ -1856,6 +3664,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.10">
@@ -1880,6 +3728,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.9">
@@ -1897,6 +3785,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.8">
@@ -1914,6 +3842,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.7">
@@ -1938,6 +3906,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.6">
@@ -1969,6 +3977,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.5">
@@ -2000,6 +4048,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.4">
@@ -2031,6 +4119,46 @@
       </references>
       <type>SQLI</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.3">
@@ -2062,6 +4190,46 @@
       </references>
       <type>SQLI</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.2">
@@ -2100,6 +4268,46 @@
       </references>
       <type>SQLI</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.1">
@@ -2132,6 +4340,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0">
@@ -2164,6 +4412,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="1.5.2">