Description

WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Remediation

References

CVE-2013-2202

Related Vulnerabilities

WordPress Plugin WP w3all phpBB Multiple Unspecified Vulnerabilities (1.6.3)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-27957)

WordPress Plugin Newsletters Cross-Site Scripting (4.6.18)

XWiki Improper Access Control Vulnerability (CVE-2023-29513)

Nexus Repository Manager Incorrect Default Permissions Vulnerability (CVE-2019-9630)

Severity

Medium

Classification

CVE-2013-2202 CWE-200

Tags

Missing Update Known Vulnerabilities