Lucene search
RedhatCVE-2013-2202HistoryJul 08, 2013 - 8:55 p.m.
CVE-2013-2202
2013-07-0820:55:01
CWE-200
redhat
web.nvd.nist.gov
47
wordpress
cve-2013-2202
xxe
security issue
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.004
Percentile
72.2%
WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Affected configurations
Node
wordpresswordpressRange≤3.5.1
ORwordpresswordpressMatch0.71
ORwordpresswordpressMatch1.0
ORwordpresswordpressMatch1.0.1
ORwordpresswordpressMatch1.0.2
ORwordpresswordpressMatch1.1.1
ORwordpresswordpressMatch1.2
ORwordpresswordpressMatch1.2.1
ORwordpresswordpressMatch1.2.2
ORwordpresswordpressMatch1.2.3
ORwordpresswordpressMatch1.2.4
ORwordpresswordpressMatch1.2.5
ORwordpresswordpressMatch1.2.5a
ORwordpresswordpressMatch1.3
ORwordpresswordpressMatch1.3.2
ORwordpresswordpressMatch1.3.3
ORwordpresswordpressMatch1.5
ORwordpresswordpressMatch1.5.1
ORwordpresswordpressMatch1.5.1.1
ORwordpresswordpressMatch1.5.1.2
ORwordpresswordpressMatch1.5.1.3
ORwordpresswordpressMatch1.5.2
ORwordpresswordpressMatch1.6.2
ORwordpresswordpressMatch2.0
ORwordpresswordpressMatch2.0.1
ORwordpresswordpressMatch2.0.2
ORwordpresswordpressMatch2.0.4
ORwordpresswordpressMatch2.0.5
ORwordpresswordpressMatch2.0.6
ORwordpresswordpressMatch2.0.7
ORwordpresswordpressMatch2.0.8
ORwordpresswordpressMatch2.0.9
ORwordpresswordpressMatch2.0.10
ORwordpresswordpressMatch2.0.11
ORwordpresswordpressMatch2.1
ORwordpresswordpressMatch2.1.1
ORwordpresswordpressMatch2.1.2
ORwordpresswordpressMatch2.1.3
ORwordpresswordpressMatch2.2
ORwordpresswordpressMatch2.2.1
ORwordpresswordpressMatch2.2.2
ORwordpresswordpressMatch2.2.3
ORwordpresswordpressMatch2.3
ORwordpresswordpressMatch2.3.1
ORwordpresswordpressMatch2.3.2
ORwordpresswordpressMatch2.3.3
ORwordpresswordpressMatch2.5
ORwordpresswordpressMatch2.5.1
ORwordpresswordpressMatch2.6
ORwordpresswordpressMatch2.6.1
ORwordpresswordpressMatch2.6.2
ORwordpresswordpressMatch2.6.3
ORwordpresswordpressMatch2.6.5
ORwordpresswordpressMatch2.7
ORwordpresswordpressMatch2.7.1
ORwordpresswordpressMatch2.8
ORwordpresswordpressMatch2.8.1
ORwordpresswordpressMatch2.8.2
ORwordpresswordpressMatch2.8.3
ORwordpresswordpressMatch2.8.4
ORwordpresswordpressMatch2.8.4a
ORwordpresswordpressMatch2.8.5
ORwordpresswordpressMatch2.8.5.1
ORwordpresswordpressMatch2.8.5.2
ORwordpresswordpressMatch2.8.6
ORwordpresswordpressMatch2.9
ORwordpresswordpressMatch2.9.1
ORwordpresswordpressMatch2.9.1.1
ORwordpresswordpressMatch2.9.2
ORwordpresswordpressMatch3.3
ORwordpresswordpressMatch3.3.1
ORwordpresswordpressMatch3.3.2
ORwordpresswordpressMatch3.3.3
ORwordpresswordpressMatch3.4.0
ORwordpresswordpressMatch3.4.1
ORwordpresswordpressMatch3.4.2
ORwordpresswordpressMatch3.5.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress | wordpress | * | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.71 | cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0 | cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0.1 | cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0.2 | cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.1.1 | cpe:2.3:a:wordpress:wordpress:1.1.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2 | cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2.1 | cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2.2 | cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2.3 | cpe:2.3:a:wordpress:wordpress:1.2.3:*:*:*:*:*:*:* |
Related
patchstack
patchstack
WordPress <= 3.5.1 - External Entity Injection
2013-02-19 00:00:00
ubuntucve
ubuntucve
CVE-2013-2202
2013-07-08 00:00:00
prion
prion
Xxe
2013-07-08 20:55:00
wpvulndb
wpvulndb
WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE)
2013-06-21 00:00:00
nvd
nvd
CVE-2013-2202
2013-07-08 20:55:01
cvelist
cvelist
CVE-2013-2202
2013-07-08 20:00:00
debiancve
debiancve
CVE-2013-2202
2013-07-08 20:55:01
freebsd
freebsd
wordpress -- multiple vulnerabilities
2013-06-21 00:00:00
nessus
nessus
FreeBSD : wordpress -- multiple vulnerabilities (049332d2-f6e1-11e2-82f3-000c29ee3065)
2013-07-28 00:00:00
Fedora 19 : wordpress-3.5.2-1.fc19 (2013-11590)
2013-07-12 00:00:00
Fedora 17 : wordpress-3.5.2-1.fc17 (2013-11649)
2013-07-12 00:00:00
openvas
openvas
Fedora Update for wordpress FEDORA-2013-11590
2013-08-20 00:00:00
Fedora Update for wordpress FEDORA-2013-11590
2013-08-20 00:00:00
Debian: Security Advisory (DSA-2718-1)
2013-06-30 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-07-08 00:00:00
[SECURITY] [DSA 2718-1] wordpress security update
2013-07-08 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: wordpress-3.5.2-1.fc19
2013-07-03 01:36:05
[SECURITY] Fedora 19 Update: wordpress-3.6.1-1.fc19
2013-09-26 06:04:43
[SECURITY] Fedora 18 Update: wordpress-3.5.2-1.fc18
2013-07-03 01:37:44
osv
osv
wordpress - several
2013-07-01 00:00:00
debian
debian
[SECURITY] [DSA 2718-1] wordpress security update
2013-07-02 19:50:33
mageia
mageia
Updated wordpress package fixes security vulnerabilities
2013-07-01 23:19:24
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.004
Percentile
72.2%
Related for CVE-2013-2202