CVE-2013-5739

2013-09-1210:00:00

mitre

raw.githubusercontent.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.7%

JSON

The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.