Description

WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Remediation

References

CVE-2013-2202

Related Vulnerabilities

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-27947)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (2.9.10)

WordPress Plugin Easy Forms for MailChimp Unspecified Vulnerability (6.3.11)

WordPress Plugin 10Web Map Builder for Google Maps Cross-Site Scripting (1.0.69)

Joomla Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2018-11324)

Severity

Medium

Classification

CVE-2013-2202 CWE-200

Tags

Missing Update Known Vulnerabilities