cbcvebase.
CVE-2013-0235
published 2013-07-08

CVE-2013-0235: The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a…

PriorityP348medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EXPLOIT
EPSS
28.86%
97.9th percentile
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.

Affected

86 ranges· showing 25
VendorProductVersion rangeFixed in
debianwordpress< wordpress 3.5.1+dfsg-1 (bookworm)wordpress 3.5.1+dfsg-1 (bookworm)
debianwordpress< wordpress 3.5.2+dfsg-1 (bookworm)wordpress 3.5.2+dfsg-1 (bookworm)
wordpresswordpress<= 3.5.1
wordpresswordpress<= 3.5.0
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress
wordpresswordpress

Detection & IOCsextracted from sources · hover to see the quote

path/xmlrpc.php
  • Detect inbound XMLRPC pingback requests with crafted source URLs targeting internal/intranet addresses — indicative of SSRF abuse via the WordPress Pingback API.
  • Monitor WordPress sites for Pingback API availability (xmlrpc.php responding to pingback.ping method calls); active scanning for this endpoint is a precursor to SSRF/port-scan exploitation.
  • Flag outbound HTTP requests originating from the WordPress process to RFC-1918 or loopback addresses, which may indicate SSRF exploitation via the pingback source URL parameter.
  • ·Vulnerability is fixed in WordPress 3.5.1; any installation running a version prior to 3.5.1 is affected. Patch was applied at changeset 23330.
  • ·The related CVE-2013-2199 (HTTP API SSRF) was not fixed until WordPress 3.5.2; environments patched only to 3.5.1 remain vulnerable to that variant.

CVSS provenance

nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
osv6.4MEDIUM
vendor_debian6.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.