CVE-2013-2205

Wordpress < 3.5.1 - XSS

Title source: rule

Description

The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.

References (6)

Scores

EPSS 0.0059
EPSS Percentile 68.9%

Details

CWE
CWE-16 CWE-79
Status published
Products (50)
wordpress/wordpress < 3.5.1
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
... and 40 more
Published Jul 08, 2013
Tracked Since Feb 18, 2026