Description

WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Remediation

References

CVE-2013-2202

Related Vulnerabilities

WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)

MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-4098)

WordPress Plugin WP Support Plus Responsive Ticket System SQL Injection (7.1.4)

WordPress Plugin BuddyStream Multiple Cross-Site Scripting Vulnerabilities (2.6.2)

Oracle JRE CVE-2012-0502 Vulnerability (CVE-2012-0502)

Severity

Medium

Classification

CVE-2013-2202 CWE-200

Tags

Missing Update Known Vulnerabilities