Lucene search
HistoryJul 08, 2013 - 8:55 p.m.
CVE-2013-2199
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.04
Percentile
92.2%
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235.
Affected configurations
Node
wordpresswordpressRange≤3.5.1
ORwordpresswordpressMatch0.71
ORwordpresswordpressMatch1.0
ORwordpresswordpressMatch1.0.1
ORwordpresswordpressMatch1.0.2
ORwordpresswordpressMatch1.1.1
ORwordpresswordpressMatch1.2
ORwordpresswordpressMatch1.2.1
ORwordpresswordpressMatch1.2.2
ORwordpresswordpressMatch1.2.3
ORwordpresswordpressMatch1.2.4
ORwordpresswordpressMatch1.2.5
ORwordpresswordpressMatch1.2.5a
ORwordpresswordpressMatch1.3
ORwordpresswordpressMatch1.3.2
ORwordpresswordpressMatch1.3.3
ORwordpresswordpressMatch1.5
ORwordpresswordpressMatch1.5.1
ORwordpresswordpressMatch1.5.1.1
ORwordpresswordpressMatch1.5.1.2
ORwordpresswordpressMatch1.5.1.3
ORwordpresswordpressMatch1.5.2
ORwordpresswordpressMatch1.6.2
ORwordpresswordpressMatch2.0
ORwordpresswordpressMatch2.0.1
ORwordpresswordpressMatch2.0.2
ORwordpresswordpressMatch2.0.4
ORwordpresswordpressMatch2.0.5
ORwordpresswordpressMatch2.0.6
ORwordpresswordpressMatch2.0.7
ORwordpresswordpressMatch2.0.8
ORwordpresswordpressMatch2.0.9
ORwordpresswordpressMatch2.0.10
ORwordpresswordpressMatch2.0.11
ORwordpresswordpressMatch2.1
ORwordpresswordpressMatch2.1.1
ORwordpresswordpressMatch2.1.2
ORwordpresswordpressMatch2.1.3
ORwordpresswordpressMatch2.2
ORwordpresswordpressMatch2.2.1
ORwordpresswordpressMatch2.2.2
ORwordpresswordpressMatch2.2.3
ORwordpresswordpressMatch2.3
ORwordpresswordpressMatch2.3.1
ORwordpresswordpressMatch2.3.2
ORwordpresswordpressMatch2.3.3
ORwordpresswordpressMatch2.5
ORwordpresswordpressMatch2.5.1
ORwordpresswordpressMatch2.6
ORwordpresswordpressMatch2.6.1
ORwordpresswordpressMatch2.6.2
ORwordpresswordpressMatch2.6.3
ORwordpresswordpressMatch2.6.5
ORwordpresswordpressMatch2.7
ORwordpresswordpressMatch2.7.1
ORwordpresswordpressMatch2.8
ORwordpresswordpressMatch2.8.1
ORwordpresswordpressMatch2.8.2
ORwordpresswordpressMatch2.8.3
ORwordpresswordpressMatch2.8.4
ORwordpresswordpressMatch2.8.4a
ORwordpresswordpressMatch2.8.5
ORwordpresswordpressMatch2.8.5.1
ORwordpresswordpressMatch2.8.5.2
ORwordpresswordpressMatch2.8.6
ORwordpresswordpressMatch2.9
ORwordpresswordpressMatch2.9.1
ORwordpresswordpressMatch2.9.1.1
ORwordpresswordpressMatch2.9.2
ORwordpresswordpressMatch3.3
ORwordpresswordpressMatch3.3.1
ORwordpresswordpressMatch3.3.2
ORwordpresswordpressMatch3.3.3
ORwordpresswordpressMatch3.4.0
ORwordpresswordpressMatch3.4.1
ORwordpresswordpressMatch3.4.2
ORwordpresswordpressMatch3.5.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress | wordpress | * | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.71 | cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0 | cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0.1 | cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0.2 | cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.1.1 | cpe:2.3:a:wordpress:wordpress:1.1.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2 | cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2.1 | cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2.2 | cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2.3 | cpe:2.3:a:wordpress:wordpress:1.2.3:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2013-2199
2013-07-08 00:00:00
CVE-2013-0235
2013-07-08 00:00:00
debiancve
debiancve
CVE-2013-2199
2013-07-08 20:55:01
CVE-2013-0235
2013-07-08 20:55:00
cve
cve
CVE-2013-2199
2013-07-08 20:55:01
CVE-2013-0235
2013-07-08 20:55:00
prion
prion
Server side request forgery (ssrf)
2013-07-08 20:55:00
Server side request forgery (ssrf)
2013-07-08 20:55:00
cvelist
cvelist
CVE-2013-2199
2013-07-08 20:00:00
CVE-2013-0235
2013-07-08 20:00:00
patchstack
patchstack
WordPress <= 3.5.1 - Multiple SSRF
2013-02-19 00:00:00
WordPress <= 3.5.0 - SSRF
2012-12-06 00:00:00
metasploit
metasploit
Wordpress Pingback Locator
2013-01-05 01:44:40
openvas
openvas
WordPress Pingback Vulnerability
2013-02-07 00:00:00
Debian: Security Advisory (DSA-2718-1)
2013-06-30 00:00:00
Fedora Update for wordpress FEDORA-2013-1774
2013-02-11 00:00:00
thn
thn
nessus
nessus
Fedora 18 : wordpress-3.5.1-1.fc18 (2013-1774)
2013-02-11 00:00:00
Fedora 17 : wordpress-3.5.1-1.fc17 (2013-1692)
2013-02-11 00:00:00
WordPress 'xmlrpc.php' pingback.ping Server-Side Request Forgery
2013-02-04 00:00:00
packetstorm
packetstorm
Wordpress Pingback Locator
2024-09-01 00:00:00
wpvulndb
wpvulndb
WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning
2014-08-01 10:58:20
nvd
nvd
CVE-2013-0235
2013-07-08 20:55:00
osv
osv
wordpress - several
2013-07-01 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2718-1] wordpress security update
2013-07-08 00:00:00
debian
debian
[SECURITY] [DSA 2718-1] wordpress security update
2013-07-02 19:50:33
freebsd
freebsd
wordpress -- multiple vulnerabilities
2013-01-24 00:00:00
wordpress -- multiple vulnerabilities
2013-06-21 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: wordpress-3.5.1-1.fc18
2013-02-10 04:25:57
[SECURITY] Fedora 18 Update: wordpress-3.5.2-1.fc18
2013-07-03 01:37:44
[SECURITY] Fedora 18 Update: wordpress-3.6.1-1.fc18
2013-09-27 00:41:16
mageia
mageia
Updated wordpress package fixes security vulnerabilities
2013-07-01 23:19:24
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.04
Percentile
92.2%
Related for NVD:CVE-2013-2199