Recently, new vulnerabilities affecting Wordpress have been identified.

All customers who use WordPress are advised to upgrade to the latest version (3.5.2) immediately. You can view our full walk-through guide on Updating Wordpress here in our Support Center.

Below is a list and explanation of the vulnerabilities:

  • CVE-2013-2173
    A denial of service was found in the way wordpress performs hash computation when checking password for protected posts. An attacker supplying carefully crafted input as a password could make the platform use excessive CPU usage

  • CVE-2013-2199
    Multiple server-side requests forgery (SSRF) vulnerabilities were found in the HTTP API. This is related to CVE-2013-0235, which was specific to SSRF in pingback requests and was fixed in 3.5.1

  • CVE-2013-2201
    Multiple cross-side scripting (XSS) vulnerabilities due to badly escaped input were found in the media files and plugins upload forms

  • CVE-2013-2202
    XML External Entity Injection (XXE) vulnerability via oEmbed responses

  • CVE-2013-2203
    A Full path disclosure (FPD) was found in the file upload mechanism. If the upload directory is not writable, the error message returned includes the full directory path

  • CVE-2013-2203
    A Full path disclosure (FPD) was found in the file upload mechanism. If the upload directory is not writable, the error message returned includes the full directory path

  • CVE-2013-2204
    Content spoofing via flash applet in the embedded tinyMCE media plugin

  • CVE-2013-2205
    Cross-domain XSS in the embedded SWFupload uploader

You can read the Official Wordpress Release notes regarding this latest update on Wordpress.org.
Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

0 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!