CVE-2013-0235 — Server-Side Request Forgery in WordPress
15 documents, 6 sources
Public exploit available: public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
Severity: 6.4 MEDIUM (NVD); NVD: 4.3
EPSS: 58.4% (top 1.80%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products:
Timeline: Published Jul 8; Latest update May 17
Description
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
CVSS vector: AV:N/AC:L/C:P/I:P/A:N (Exploitability: 10.0 | Impact: 4.9)
Affected Packages: 3 packages
Patches
Sources: Vulnerability Details · 4 Exploits & PoCs · 1 Vendor Advisories · 2 Community · 5 Bugzilla

Bugzilla: CVE-2014-0235 php: file: extensive backtracking in awk rule regular expression (incomplete fix for CVE-2013-7345) [fedora-all] (2014-06-30)
Bugzilla: CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version (2013-06-21)
Bugzilla: CVE-2013-0235 wordpress: Server-side request forgery and remote port scanning using pingbacks (2013-01-25)