From 4f0a5bcf157a6fbce2d83c4a7aa8cd5f6a783395 Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Wed, 26 Feb 2014 12:30:21 +0100
Subject: [PATCH] Fix #411 - Old WP Core CVEs added

---
 data/wp_vulns.xml | 2288 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 2288 insertions(+)

diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index 3b218068..9c972e39 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -474,6 +474,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.3.1">
@@ -512,6 +536,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.3">
@@ -543,6 +591,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.2.1">
@@ -567,6 +639,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.2">
@@ -591,6 +687,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.1.4">
@@ -615,6 +735,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.1.3">
@@ -649,6 +793,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.1.2">
@@ -681,6 +849,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.1.1">
@@ -712,6 +904,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.1">
@@ -736,6 +952,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.6">
@@ -760,6 +1000,30 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.5">
@@ -784,6 +1048,38 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-admin/press-this.php - Privilege Escalation</title>
+      <references>
+        <cve>2011-5270</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.4">
@@ -808,6 +1104,38 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-admin/press-this.php - Privilege Escalation</title>
+      <references>
+        <cve>2011-5270</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.3">
@@ -846,6 +1174,38 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-admin/press-this.php - Privilege Escalation</title>
+      <references>
+        <cve>2011-5270</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.2">
@@ -877,6 +1237,38 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-admin/press-this.php - Privilege Escalation</title>
+      <references>
+        <cve>2011-5270</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.1">
@@ -908,6 +1300,70 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-admin/press-this.php - Privilege Escalation</title>
+      <references>
+        <cve>2011-5270</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.0">
@@ -932,6 +1388,78 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-admin/press-this.php - Privilege Escalation</title>
+      <references>
+        <cve>2011-5270</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
+      <references>
+        <cve>2012-6633</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
+      <references>
+        <cve>2012-6634</cve>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
+      <references>
+        <cve>2012-6635</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.3.3</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.9.2">
@@ -956,6 +1484,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.9.1">
@@ -980,6 +1548,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.9">
@@ -1018,6 +1626,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.6">
@@ -1042,6 +1690,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.5">
@@ -1073,6 +1761,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.4">
@@ -1097,6 +1825,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.3">
@@ -1128,6 +1896,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.2">
@@ -1152,6 +1960,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.1">
@@ -1183,6 +2031,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.8">
@@ -1207,6 +2095,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.7.1">
@@ -1238,6 +2166,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.7">
@@ -1269,6 +2237,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.5">
@@ -1300,6 +2308,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.4">
@@ -1324,6 +2372,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.3">
@@ -1348,6 +2436,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.2">
@@ -1379,6 +2507,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.1">
@@ -1417,6 +2585,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.6">
@@ -1441,6 +2649,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.5.1">
@@ -1472,6 +2720,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.5">
@@ -1504,6 +2792,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.3.3">
@@ -1528,6 +2856,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.3.2">
@@ -1552,6 +2920,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.3.1">
@@ -1583,6 +2991,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.3">
@@ -1600,6 +3048,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.2.3">
@@ -1624,6 +3112,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.2.2">
@@ -1648,6 +3176,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.2.1">
@@ -1672,6 +3240,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.2">
@@ -1710,6 +3318,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.1.3">
@@ -1741,6 +3389,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.1.2">
@@ -1780,6 +3468,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.1.1">
@@ -1815,6 +3543,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.1">
@@ -1832,6 +3600,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.11">
@@ -1856,6 +3664,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.10">
@@ -1880,6 +3728,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.9">
@@ -1897,6 +3785,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.8">
@@ -1914,6 +3842,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.7">
@@ -1938,6 +3906,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.6">
@@ -1969,6 +3977,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.5">
@@ -2000,6 +4048,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.4">
@@ -2031,6 +4119,46 @@
       </references>
       <type>SQLI</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.3">
@@ -2062,6 +4190,46 @@
       </references>
       <type>SQLI</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.2">
@@ -2100,6 +4268,46 @@
       </references>
       <type>SQLI</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0.1">
@@ -2132,6 +4340,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="2.0">
@@ -2164,6 +4412,46 @@
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
+      <references>
+        <cve>2010-5293</cve>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
+      <references>
+        <cve>2010-5294</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
+      <references>
+        <cve>2010-5295</cve>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/capabilities.php when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.</title>
+      <references>
+        <cve>2010-5296</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
+      <references>
+        <cve>2010-5297</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.0</fixed_in>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="1.5.2">