Description
WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Remediation
References