CVE-2013-2203
EPSS 0.90%
Description
WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message.
How to fix CVE-2013-2203
To remediate CVE-2013-2203, upgrade the affected package to a fixed version listed below.
- Debian/wordpress: upgrade to 3.5.2+dfsg-1 or later
Is CVE-2013-2203 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/wordpress: from 0, < 3.5.2+dfsg-1