CVE-2013-2202 — Sensitive Information Exposure in Wordpress

CWE-200 — Sensitive Information Exposure7 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.4%

top 19.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedJul 8

Latest updateMay 17

Description

WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.5.2+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 3.5.2+dfsg-1+3

▶NVDwordpress/wordpress3.5.1+74

🔴Vulnerability Details

GHSA

GHSA-xpjf-7q8c-6jfc: WordPress before 3↗2022-05-17

▶

OSV

CVE-2013-2202: WordPress before 3↗2013-07-08

▶

📋Vendor Advisories

Debian

CVE-2013-2202: wordpress - WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oE...↗2013

▶

💬Community

Bugzilla

CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version [epel-all]↗2013-06-22

▶

Bugzilla

▶

Bugzilla

CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version↗2013-06-21

▶