Description

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.

Remediation

References

CVE-2013-0235

Related Vulnerabilities

WordPress Plugin N-Media Website Contact Form with File Upload Arbitrary File Upload (2.1)

WordPress Plugin Contentboxes Cross-Site Scripting (1.1)

WordPress Plugin GiveWP-Donation and Fundraising Platform Multiple Vulnerabilities (2.25.1)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Multiple Vulnerabilities (3.4.33)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2158)

Severity

Medium

Classification

CVE-2013-0235

Tags

Missing Update Known Vulnerabilities