Description

The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235.

Remediation

References

CVE-2013-2199

Related Vulnerabilities

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20099)

WordPress Plugin Missed Schedule Fix WP Failed Future Posts Multiple Unspecified Vulnerabilities (2014.1231.2015.4)

WordPress Plugin Software License Manager Cross-Site Request Forgery (4.5.0)

WordPress Plugin User Activation Email Cross-Site Scripting (1.3.0)

WordPress Plugin Premmerce Wishlist for WooCommerce Security Bypass (1.1.2)

Severity

Medium

Classification

CVE-2013-2199 CWE-264

Tags

Missing Update Known Vulnerabilities