CVE-2013-5739

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 3.6.1

Description The issue concerns the default configuration, which does not prevent uploads of certain file types, potentially making it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file. This is related to the get allowed mime types function in wp-includes/functions.php.

Recommendations For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent the upload of .swf and .exe files until the update is applied.