CVE-2013-2202: Infoleak
First published: Mon Jul 08 2013(Updated: )
WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress | <=3.5.1 | |
| WordPress | =0.71 | |
| WordPress | =1.0 | |
| WordPress | =1.0.1 | |
| WordPress | =1.0.2 | |
| WordPress | =1.1.1 | |
| WordPress | =1.2 | |
| WordPress | =1.2.1 | |
| WordPress | =1.2.2 | |
| WordPress | =1.2.3 | |
| WordPress | =1.2.4 | |
| WordPress | =1.2.5 | |
| WordPress | =1.2.5-a | |
| WordPress | =1.3 | |
| WordPress | =1.3.2 | |
| WordPress | =1.3.3 | |
| WordPress | =1.5 | |
| WordPress | =1.5.1 | |
| WordPress | =1.5.1.1 | |
| WordPress | =1.5.1.2 | |
| WordPress | =1.5.1.3 | |
| WordPress | =1.5.2 | |
| WordPress | =1.6.2 | |
| WordPress | =2.0 | |
| WordPress | =2.0.1 | |
| WordPress | =2.0.2 | |
| WordPress | =2.0.4 | |
| WordPress | =2.0.5 | |
| WordPress | =2.0.6 | |
| WordPress | =2.0.7 | |
| WordPress | =2.0.8 | |
| WordPress | =2.0.9 | |
| WordPress | =2.0.10 | |
| WordPress | =2.0.11 | |
| WordPress | =2.1 | |
| WordPress | =2.1.1 | |
| WordPress | =2.1.2 | |
| WordPress | =2.1.3 | |
| WordPress | =2.2 | |
| WordPress | =2.2.1 | |
| WordPress | =2.2.2 | |
| WordPress | =2.2.3 | |
| WordPress | =2.3 | |
| WordPress | =2.3.1 | |
| WordPress | =2.3.2 | |
| WordPress | =2.3.3 | |
| WordPress | =2.5 | |
| WordPress | =2.5.1 | |
| WordPress | =2.6 | |
| WordPress | =2.6.1 | |
| WordPress | =2.6.2 | |
| WordPress | =2.6.3 | |
| WordPress | =2.6.5 | |
| WordPress | =2.7 | |
| WordPress | =2.7.1 | |
| WordPress | =2.8 | |
| WordPress | =2.8.1 | |
| WordPress | =2.8.2 | |
| WordPress | =2.8.3 | |
| WordPress | =2.8.4 | |
| WordPress | =2.8.4-a | |
| WordPress | =2.8.5 | |
| WordPress | =2.8.5.1 | |
| WordPress | =2.8.5.2 | |
| WordPress | =2.8.6 | |
| WordPress | =2.9 | |
| WordPress | =2.9.1 | |
| WordPress | =2.9.1.1 | |
| WordPress | =2.9.2 | |
| WordPress | =3.3 | |
| WordPress | =3.3.1 | |
| WordPress | =3.3.2 | |
| WordPress | =3.3.3 | |
| WordPress | =3.4.0 | |
| WordPress | =3.4.1 | |
| WordPress | =3.4.2 | |
| WordPress | =3.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-2202?
CVE-2013-2202 has been rated as a moderate severity vulnerability due to its potential to allow remote attackers to read arbitrary files.
How do I fix CVE-2013-2202?
To fix CVE-2013-2202, you should upgrade your WordPress installation to version 3.5.2 or later.
What versions of WordPress are affected by CVE-2013-2202?
CVE-2013-2202 affects all versions of WordPress prior to 3.5.2.
What type of vulnerability is CVE-2013-2202?
CVE-2013-2202 is classified as an XML External Entity (XXE) vulnerability.
Can CVE-2013-2202 be exploited remotely?
Yes, CVE-2013-2202 can be exploited remotely by attackers to read arbitrary files on the server.
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wordpress
- canonical/wordpress
- version/wordpress/3.5.1
- version/wordpress/0.71
- version/wordpress/1.0
- version/wordpress/1.0.1
- version/wordpress/1.0.2
- version/wordpress/1.1.1
- version/wordpress/1.2
- version/wordpress/1.2.1
- version/wordpress/1.2.2
- version/wordpress/1.2.3
- version/wordpress/1.2.4
- version/wordpress/1.2.5
- version/wordpress/1.2.5-a
- version/wordpress/1.3
- version/wordpress/1.3.2
- version/wordpress/1.3.3
- version/wordpress/1.5
- version/wordpress/1.5.1
- version/wordpress/1.5.1.1
- version/wordpress/1.5.1.2
- version/wordpress/1.5.1.3
- version/wordpress/1.5.2
- version/wordpress/1.6.2
- version/wordpress/2.0
- version/wordpress/2.0.1
- version/wordpress/2.0.2
- version/wordpress/2.0.4
- version/wordpress/2.0.5
- version/wordpress/2.0.6
- version/wordpress/2.0.7
- version/wordpress/2.0.8
- version/wordpress/2.0.9
- version/wordpress/2.0.10
- version/wordpress/2.0.11
- version/wordpress/2.1
- version/wordpress/2.1.1
- version/wordpress/2.1.2
- version/wordpress/2.1.3
- version/wordpress/2.2
- version/wordpress/2.2.1
- version/wordpress/2.2.2
- version/wordpress/2.2.3
- version/wordpress/2.3
- version/wordpress/2.3.1
- version/wordpress/2.3.2
- version/wordpress/2.3.3
- version/wordpress/2.5
- version/wordpress/2.5.1
- version/wordpress/2.6
- version/wordpress/2.6.1
- version/wordpress/2.6.2
- version/wordpress/2.6.3
- version/wordpress/2.6.5
- version/wordpress/2.7
- version/wordpress/2.7.1
- version/wordpress/2.8
- version/wordpress/2.8.1
- version/wordpress/2.8.2
- version/wordpress/2.8.3
- version/wordpress/2.8.4
- version/wordpress/2.8.4-a
- version/wordpress/2.8.5
- version/wordpress/2.8.5.1
- version/wordpress/2.8.5.2
- version/wordpress/2.8.6
- version/wordpress/2.9
- version/wordpress/2.9.1
- version/wordpress/2.9.1.1
- version/wordpress/2.9.2
- version/wordpress/3.3
- version/wordpress/3.3.1
- version/wordpress/3.3.2
- version/wordpress/3.3.3
- version/wordpress/3.4.0
- version/wordpress/3.4.1
- version/wordpress/3.4.2
- version/wordpress/3.5.0