CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
72.2%
WordPress before 3.5.2 allows remote attackers to read arbitrary files via
an oEmbed XML provider response containing an external entity declaration
in conjunction with an entity reference, related to an XML External Entity
(XXE) issue.