VDB
GCVE-110-MAGEIA-2013-198
GCVE-110-MAGEIA-2013-198
Advisory Published
A denial of service flaw was found in the way Wordpress, a blog tool and
publishing platform, performed hash computation when checking password for
password protected blog posts. A remote attacker could provide a specially-
crafted input that, when processed by the password checking mechanism of
Wordpress would lead to excessive CPU consumption (CVE-2013-2173).
Inadequate SSRF protection for HTTP requests where the user can provide a
URL can allow for attacks against the intranet and other sites. This is a
continuation of work related to CVE-2013-0235, which was specific to SSRF
in pingback requests and was fixed in 3.5.1 (CVE-2013-2199).
Inadequate checking of a user's capabilities could allow them to publish
posts when their user role should not allow for it; and to assign posts to
other authors (CVE-2013-2200).
Inadequate escaping allowed an administrator to trigger a cross-site
scripting vulnerability through the uploading of media files and plugins
(CVE-2013-2201).
The processing of an oEmbed response is vulnerable to an XXE
(CVE-2013-2202).
If the uploads directory is not writable, error message data returned via
XHR will include a full path to the directory (CVE-2013-2203).
Content Spoofing in the MoxieCode (TinyMCE) MoxiePlayer project
(CVE-2013-2204).
Cross-domain XSS in SWFUpload (CVE-2013-2205).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | wordpress | 0 (affected), 3.5.2-1.mga2 (unaffected) | — |
| Mageia | wordpress | 0 (affected), 3.5.2-1.mga3 (unaffected) | — |
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.