ThreatPress

WordPress Vulnerabilities Database

WordPress <= 3.5.1 - External Entity Injection

Product
WordPress
Description
This vulnerability allows attackers to read arbitrary files via an oEmbed XML provider response that contains an external entity declaration together with an entity reference.
Solution
Update WordPress to version 3.5.2 or later.
Classification
Type Unknown
References
CVE Mitre
CVE
Name CVE-2013-2202
Versions
Affected In <= 3.5.1
Fixed In 3.5.2
Disclosure date
2013-02-19
Credits
Jan Lieskovsky