CVE-2013-2201

Wordpress < 3.5.1 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes.

References (4)

[Product] http://codex.wordpress.org/Version_3.5.2

[Vendor Advisory] http://wordpress.org/news/2013/06/wordpress-3-5-2/

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=976784

[Third Party Advisory] http://www.debian.org/security/2013/dsa-2718

Scores

EPSS 0.0075

EPSS Percentile 72.8%

Classification

CWE

CWE-79

Status draft

Affected Products (50)

wordpress/wordpress < 3.5.1

wordpress/wordpress

wordpress/wordpress

wordpress/wordpress

wordpress/wordpress

wordpress/wordpress

wordpress/wordpress

wordpress/wordpress

wordpress/wordpress

wordpress/wordpress

wordpress/wordpress

wordpress/wordpress

wordpress/wordpress

wordpress/wordpress

wordpress/wordpress

... and 35 more

Timeline

Published Jul 08, 2013

Tracked Since Feb 18, 2026