Description
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
Remediation
References
Related Vulnerabilities
WordPress Plugin Seriously Simple Podcasting Cross-Site Request Forgery (2.16.0)
PHP Other Vulnerability (CVE-2015-8616)
WordPress Plugin WP Photo Album Plus Unspecified Vulnerability (7.2.04)
Internet Information Services Other Vulnerability (CVE-1999-0407)
WordPress Plugin AP Companion includes Backdoor [Only if downloaded via the vendor website] (1.0.6)