Skip to main content

CVE-2013-0235

Severity Medium
Score 6.4/10

Summary

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • NONE

References

Advisory Timeline

  • Published