What is CVE-2013-0235?

CVE-2013-0235 is a vulnerability in Wordpress. Published 2013-07-08.

Is CVE-2013-0235 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Wordpress

CVE-2013-0235

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSR…

EPSS: 0.584 (98.2th percentile) — read the EPSS interpretation.

Affected products

Wordpress — versions 0.71, 1.0, 1.0.1
N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cve-scores
harrystaley/CSCI4349_
harrystaley/TAMUSA_

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
secalert@redhat.com (x_refsource_MISC)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2013-0235?: CVE-2013-0235 is a vulnerability in Wordpress. Published 2013-07-08.
Is CVE-2013-0235 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.