Vulnerability identifier: #VU42745

Vulnerability risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C]

CVE-ID: CVE-2013-0235

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
WordPress
Web applications / CMS

Vendor: WordPress.ORG

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue. Per: http://cwe.mitre.org/data/definitions/918.html 'CWE-918: Server-Side Request Forgery (SSRF)'

Mitigation
Install update from vendor's website.

Vulnerable software versions

WordPress: 0.71, 1.0 - 1.0.2, 1.2 - 1.2.5, 1.5 - 1.5.2, 2.0 - 2.0.11, 2.1 - 2.1.3, 2.2 - 2.2.3, 2.3 - 2.3.3, 2.5 - 2.5.1, 2.6 - 2.6.5, 2.7 - 2.7.1, 2.8 - 2.8.6, 2.9 - 2.9.2, 3.3 - 3.3.3, 3.4.0 - 3.4.2

---

External links
http://codex.wordpress.org/Version_3.5.1
http://core.trac.wordpress.org/changeset/23330
http://wordpress.org/news/2013/01/wordpress-3-5-1/
http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/
http://bugzilla.redhat.com/show_bug.cgi?id=904120

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.