Launchpad.net

CVE 2013-0235

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.

Related bugs and status

CVE-2013-0235 (Candidate) is related to these bugs:

Bug #1221040: Sync wordpress 3.6.1 (universe) from Debian stable-security

		In	Importance	Status
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu)	High	Fix Released
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Precise)	High	Won't Fix
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Quantal)	High	Won't Fix
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Raring)	High	Won't Fix
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Debian)	Unknown	Fix Released
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Saucy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-0235

Related bugs and status

Related bugs

References