Description

WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Remediation

References

CVE-2013-2202

Related Vulnerabilities

MySQL CVE-2023-22048 Vulnerability (CVE-2023-22048)

Lighttpd Out-of-bounds Write Vulnerability (CVE-2022-22707)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3056)

WordPress Plugin CigiCigi Post Guest Cross-Site Scripting (1.0.5)

Apache HTTP Server CVE-2004-0809 Vulnerability (CVE-2004-0809)

Severity

Medium

Classification

CVE-2013-2202 CWE-200

Tags

Missing Update Known Vulnerabilities