What is the severity of CVE-2013-2203?

CVE-2013-2203 is classified as a medium severity vulnerability that can lead to information disclosure.

How do I fix CVE-2013-2203?

To fix CVE-2013-2203, upgrade to WordPress version 3.5.2 or later.

What types of WordPress versions are affected by CVE-2013-2203?

CVE-2013-2203 affects all WordPress versions prior to 3.5.2, including versions 3.5.1 and earlier.

What kind of information can be leaked due to CVE-2013-2203?

CVE-2013-2203 can reveal sensitive information including the absolute path of the WordPress installation.

Are there any specific configurations that increase vulnerability to CVE-2013-2203?

CVE-2013-2203 is specifically triggered when the uploads directory is configured to forbid write access, allowing attackers to exploit this condition.

Vulnerability/
CVE-2013-2203

medium

4.3

CWE

264

8/7/2013

6/8/2024

CVE-2013-2203

First published: Mon Jul 08 2013(Updated: )

WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
WordPress	<=3.5.1
WordPress	=0.71
WordPress	=1.0
WordPress	=1.0.1
WordPress	=1.0.2
WordPress	=1.1.1
WordPress	=1.2
WordPress	=1.2.1
WordPress	=1.2.2
WordPress	=1.2.3
WordPress	=1.2.4
WordPress	=1.2.5
WordPress	=1.2.5-a
WordPress	=1.3
WordPress	=1.3.2
WordPress	=1.3.3
WordPress	=1.5
WordPress	=1.5.1
WordPress	=1.5.1.1
WordPress	=1.5.1.2
WordPress	=1.5.1.3
WordPress	=1.5.2
WordPress	=1.6.2
WordPress	=2.0
WordPress	=2.0.1
WordPress	=2.0.2
WordPress	=2.0.4
WordPress	=2.0.5
WordPress	=2.0.6
WordPress	=2.0.7
WordPress	=2.0.8
WordPress	=2.0.9
WordPress	=2.0.10
WordPress	=2.0.11
WordPress	=2.1
WordPress	=2.1.1
WordPress	=2.1.2
WordPress	=2.1.3
WordPress	=2.2
WordPress	=2.2.1
WordPress	=2.2.2
WordPress	=2.2.3
WordPress	=2.3
WordPress	=2.3.1
WordPress	=2.3.2
WordPress	=2.3.3
WordPress	=2.5
WordPress	=2.5.1
WordPress	=2.6
WordPress	=2.6.1
WordPress	=2.6.2
WordPress	=2.6.3
WordPress	=2.6.5
WordPress	=2.7
WordPress	=2.7.1
WordPress	=2.8
WordPress	=2.8.1
WordPress	=2.8.2
WordPress	=2.8.3
WordPress	=2.8.4
WordPress	=2.8.4-a
WordPress	=2.8.5
WordPress	=2.8.5.1
WordPress	=2.8.5.2
WordPress	=2.8.6
WordPress	=2.9
WordPress	=2.9.1
WordPress	=2.9.1.1
WordPress	=2.9.2
WordPress	=3.3
WordPress	=3.3.1
WordPress	=3.3.2
WordPress	=3.3.3
WordPress	=3.4.0
WordPress	=3.4.1
WordPress	=3.4.2
WordPress	=3.5.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2203?
CVE-2013-2203 is classified as a medium severity vulnerability that can lead to information disclosure.
How do I fix CVE-2013-2203?
To fix CVE-2013-2203, upgrade to WordPress version 3.5.2 or later.
What types of WordPress versions are affected by CVE-2013-2203?
CVE-2013-2203 affects all WordPress versions prior to 3.5.2, including versions 3.5.1 and earlier.
What kind of information can be leaked due to CVE-2013-2203?
CVE-2013-2203 can reveal sensitive information including the absolute path of the WordPress installation.
Are there any specific configurations that increase vulnerability to CVE-2013-2203?
CVE-2013-2203 is specifically triggered when the uploads directory is configured to forbid write access, allowing attackers to exploit this condition.

agent/references
agent/type
agent/softwarecombine
agent/author
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/wordpress
canonical/wordpress
version/wordpress/3.5.1
version/wordpress/0.71
version/wordpress/1.0
version/wordpress/1.0.1
version/wordpress/1.0.2
version/wordpress/1.1.1
version/wordpress/1.2
version/wordpress/1.2.1
version/wordpress/1.2.2
version/wordpress/1.2.3
version/wordpress/1.2.4
version/wordpress/1.2.5
version/wordpress/1.2.5-a
version/wordpress/1.3
version/wordpress/1.3.2
version/wordpress/1.3.3
version/wordpress/1.5
version/wordpress/1.5.1
version/wordpress/1.5.1.1
version/wordpress/1.5.1.2
version/wordpress/1.5.1.3
version/wordpress/1.5.2
version/wordpress/1.6.2
version/wordpress/2.0
version/wordpress/2.0.1
version/wordpress/2.0.2
version/wordpress/2.0.4
version/wordpress/2.0.5
version/wordpress/2.0.6
version/wordpress/2.0.7
version/wordpress/2.0.8
version/wordpress/2.0.9
version/wordpress/2.0.10
version/wordpress/2.0.11
version/wordpress/2.1
version/wordpress/2.1.1
version/wordpress/2.1.2
version/wordpress/2.1.3
version/wordpress/2.2
version/wordpress/2.2.1
version/wordpress/2.2.2
version/wordpress/2.2.3
version/wordpress/2.3
version/wordpress/2.3.1
version/wordpress/2.3.2
version/wordpress/2.3.3
version/wordpress/2.5
version/wordpress/2.5.1
version/wordpress/2.6
version/wordpress/2.6.1
version/wordpress/2.6.2
version/wordpress/2.6.3
version/wordpress/2.6.5
version/wordpress/2.7
version/wordpress/2.7.1
version/wordpress/2.8
version/wordpress/2.8.1
version/wordpress/2.8.2
version/wordpress/2.8.3
version/wordpress/2.8.4
version/wordpress/2.8.4-a
version/wordpress/2.8.5
version/wordpress/2.8.5.1
version/wordpress/2.8.5.2
version/wordpress/2.8.6
version/wordpress/2.9
version/wordpress/2.9.1
version/wordpress/2.9.1.1
version/wordpress/2.9.2
version/wordpress/3.3
version/wordpress/3.3.1
version/wordpress/3.3.2
version/wordpress/3.3.3
version/wordpress/3.4.0
version/wordpress/3.4.1
version/wordpress/3.4.2
version/wordpress/3.5.0