ThreatPress

WordPress Vulnerabilities Database

WordPress <= 3.5.0 - SSRF

Product
WordPress
Description
Through the XML-RPC API, attackers can send HTTP requests to intranet servers. They can also conduct port-scanning attacks by specifying a crafted source URL for a pingback.
Solution
Update WordPress.
Classification
Type: Server Side Request Forgery (SSRF)
References
CVE Mitre
CVE
Name: CVE-2013-0235
Versions
Affected In: <= 3.5.1
Fixed In: 3.5.0
Disclosure date
2012-12-06
Credits
nacin