CVE-2013-2202

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 3.5.2

Description The issue allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This means that attackers can potentially access sensitive information by manipulating the XML response.

Recommendations For WordPress versions prior to 3.5.2, update to version 3.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the oEmbed XML provider to minimize the risk of exploitation.