Description

WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Remediation

References

CVE-2013-2202

Related Vulnerabilities

Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6668)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-26477)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.17)

SharePoint CVE-2021-27076 Vulnerability (CVE-2021-27076)

WordPress Plugin Cimy User Extra Fields Arbitrary File Upload (2.3.7)

Severity

Medium

Classification

CVE-2013-2202 CWE-200

Tags

Missing Update Known Vulnerabilities