CVE-2013-2203

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 3.5.2

Description The issue allows remote attackers to obtain sensitive information when the uploads directory forbids write access. This is achieved through an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message.

Recommendations For versions prior to 3.5.2, update to version 3.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the uploads directory to minimize the risk of exploitation.