If you are using WordPress, please take a moment to go through the process of updating your WordPress installation through the WordPress Administrator. Several vulnerabilities have been identified with WordPress version 3.5.1:

  • CVE-2013-2173

    A denial of service was found in the way wordpress performs hash computation when checking password for protected posts. An attacker supplying carefully crafted input as a password could make the platform use excessive CPU usage

  • CVE-2013-2199

    Multiple server-side requests forgery (SSRF) vulnerabilities were found in the HTTP API. This is related to CVE-2013-0235, which was specific to SSRF in pingback requests and was fixed in 3.5.1

  • CVE-2013-2200

    Inadequate checking of a user’s capabilities could lead to a privilege escalation, enabling them to publish posts when their user role should not allow for it and to assign posts to other authors

  • CVE-2013-2201

    Multiple cross-side scripting (XSS) vulnerabilities due to badly escaped input were found in the media files and plugins upload forms

  • CVE-2013-2202

    XML External Entity Injection (XXE) vulnerability via oEmbed responses
  • CVE-2013-2203

    A Full path disclosure (FPD) was found in the file upload mechanism. If the upload directory is not writable, the error message returned includes the full directory path

  • CVE-2013-2204

    Content spoofing via flash applet in the embedded tinyMCE media plugin

  • CVE-2013-2205

    Cross-domain XSS in the embedded SWFupload uploader

Thanks for your time and attention. Again, please make sure to update your WordPress installation through the WordPress Administrator in order to keep these vulnerabilities from affecting your installation. You can upgrade through the WordPress Administrator, or you can update using Softaculous installer.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve our Help Center:
Email Address
Optional, but our team may contact you for more information.
Did you find this article helpful?

Post a Comment

Name:
Email Address:
Comment:
Are you a bot?
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

News / Announcements

Update to SSL Certificates - Certificate Warnings
1969-12-31 11:00 am EST
Hits: 680

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.