CVE-2013-2204
WordPress Core <= 3.5.1 - Content-Spoofing Attacks
Severity Score
4.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote attackers to pass arbitrary parameters to a Flash application, and conduct content-spoofing attacks, via a crafted string after a ? (question mark) character.
moxieplayer.as en Moxiecode moxieplayer, como es usado en el plugin TinyMCE Media en WordPress anterior a v3.5.2 y otros productos, no tiene en cuenta la presencia de un carácter # (signo almohadilla), durante la extracción de la QUERY_STRING, que permite a atacantes remotos para pasar parámetros arbitrarios a una aplicación Flash, y realizar ataques de suplantación de contenido, una cadena hecha a mano después de un carácter ? (signo de interrogación).
A denial of service flaw was found in the way Wordpress, a blog tool and publishing platform, performed hash computation when checking password for password protected blog posts. A remote attacker could provide a specially-crafted input that, when processed by the password checking mechanism of Wordpress would lead to excessive CPU consumption. Inadequate SSRF protection for HTTP requests where the user can provide a URL can allow for attacks against the intranet and other sites. This is a continuation of work related to which was specific to SSRF in pingback requests and was fixed in 3.5.1. Inadequate checking of a user's capabilities could allow them to publish posts when their user role should not allow for it; and to assign posts to other authors. Inadequate escaping allowed an administrator to trigger a cross-site scripting vulnerability through the uploading of media files and plugins. The processing of an oEmbed response is vulnerable to an XXE. If the uploads directory is not writable, error message data returned via XHR will include a full path to the directory. Content Spoofing in the MoxieCode MoxiePlayer project. Cross-domain XSS in SWFUpload.
*Credits:
Wan Ikram
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-02-19 CVE Reserved
- 2013-06-21 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://codex.wordpress.org/Version_3.5.2 | X_refsource_confirm | |
| https://bugzilla.redhat.com/show_bug.cgi?id=976784 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://github.com/moxiecode/moxieplayer/commit/b61ac518ffa2657e2dc9019b2dcf2f3f37dbfab0 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://wordpress.org/news/2013/06/wordpress-3-5-2 | 2013-08-13 | |
| http://www.debian.org/security/2013/dsa-2718 | 2013-08-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tinymce Search vendor "Tinymce" | Media Search vendor "Tinymce" for product "Media" | - | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | <= 3.5.1 Search vendor "Wordpress" for product "Wordpress" and version " <= 3.5.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 0.71 Search vendor "Wordpress" for product "Wordpress" and version "0.71" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.0 Search vendor "Wordpress" for product "Wordpress" and version "1.0" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.0.1 Search vendor "Wordpress" for product "Wordpress" and version "1.0.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.0.2 Search vendor "Wordpress" for product "Wordpress" and version "1.0.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.1.1 Search vendor "Wordpress" for product "Wordpress" and version "1.1.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.2 Search vendor "Wordpress" for product "Wordpress" and version "1.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.2.1 Search vendor "Wordpress" for product "Wordpress" and version "1.2.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.2.2 Search vendor "Wordpress" for product "Wordpress" and version "1.2.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.2.3 Search vendor "Wordpress" for product "Wordpress" and version "1.2.3" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.2.4 Search vendor "Wordpress" for product "Wordpress" and version "1.2.4" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.2.5 Search vendor "Wordpress" for product "Wordpress" and version "1.2.5" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.2.5 Search vendor "Wordpress" for product "Wordpress" and version "1.2.5" | a |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.3 Search vendor "Wordpress" for product "Wordpress" and version "1.3" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.3.2 Search vendor "Wordpress" for product "Wordpress" and version "1.3.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.3.3 Search vendor "Wordpress" for product "Wordpress" and version "1.3.3" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.5 Search vendor "Wordpress" for product "Wordpress" and version "1.5" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.5.1 Search vendor "Wordpress" for product "Wordpress" and version "1.5.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.5.1.1 Search vendor "Wordpress" for product "Wordpress" and version "1.5.1.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.5.1.2 Search vendor "Wordpress" for product "Wordpress" and version "1.5.1.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.5.1.3 Search vendor "Wordpress" for product "Wordpress" and version "1.5.1.3" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.5.2 Search vendor "Wordpress" for product "Wordpress" and version "1.5.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 1.6.2 Search vendor "Wordpress" for product "Wordpress" and version "1.6.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.0 Search vendor "Wordpress" for product "Wordpress" and version "2.0" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.0.1 Search vendor "Wordpress" for product "Wordpress" and version "2.0.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.0.2 Search vendor "Wordpress" for product "Wordpress" and version "2.0.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.0.4 Search vendor "Wordpress" for product "Wordpress" and version "2.0.4" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.0.5 Search vendor "Wordpress" for product "Wordpress" and version "2.0.5" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.0.6 Search vendor "Wordpress" for product "Wordpress" and version "2.0.6" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.0.7 Search vendor "Wordpress" for product "Wordpress" and version "2.0.7" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.0.8 Search vendor "Wordpress" for product "Wordpress" and version "2.0.8" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.0.9 Search vendor "Wordpress" for product "Wordpress" and version "2.0.9" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.0.10 Search vendor "Wordpress" for product "Wordpress" and version "2.0.10" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.0.11 Search vendor "Wordpress" for product "Wordpress" and version "2.0.11" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.1 Search vendor "Wordpress" for product "Wordpress" and version "2.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.1.1 Search vendor "Wordpress" for product "Wordpress" and version "2.1.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.1.2 Search vendor "Wordpress" for product "Wordpress" and version "2.1.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.1.3 Search vendor "Wordpress" for product "Wordpress" and version "2.1.3" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.2 Search vendor "Wordpress" for product "Wordpress" and version "2.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.2.1 Search vendor "Wordpress" for product "Wordpress" and version "2.2.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.2.2 Search vendor "Wordpress" for product "Wordpress" and version "2.2.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.2.3 Search vendor "Wordpress" for product "Wordpress" and version "2.2.3" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.3 Search vendor "Wordpress" for product "Wordpress" and version "2.3" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.3.1 Search vendor "Wordpress" for product "Wordpress" and version "2.3.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.3.2 Search vendor "Wordpress" for product "Wordpress" and version "2.3.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.3.3 Search vendor "Wordpress" for product "Wordpress" and version "2.3.3" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.5 Search vendor "Wordpress" for product "Wordpress" and version "2.5" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.5.1 Search vendor "Wordpress" for product "Wordpress" and version "2.5.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.6 Search vendor "Wordpress" for product "Wordpress" and version "2.6" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.6.1 Search vendor "Wordpress" for product "Wordpress" and version "2.6.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.6.2 Search vendor "Wordpress" for product "Wordpress" and version "2.6.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.6.3 Search vendor "Wordpress" for product "Wordpress" and version "2.6.3" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.6.5 Search vendor "Wordpress" for product "Wordpress" and version "2.6.5" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.7 Search vendor "Wordpress" for product "Wordpress" and version "2.7" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.7.1 Search vendor "Wordpress" for product "Wordpress" and version "2.7.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.8 Search vendor "Wordpress" for product "Wordpress" and version "2.8" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.8.1 Search vendor "Wordpress" for product "Wordpress" and version "2.8.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.8.2 Search vendor "Wordpress" for product "Wordpress" and version "2.8.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.8.3 Search vendor "Wordpress" for product "Wordpress" and version "2.8.3" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.8.4 Search vendor "Wordpress" for product "Wordpress" and version "2.8.4" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.8.4 Search vendor "Wordpress" for product "Wordpress" and version "2.8.4" | a |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.8.5 Search vendor "Wordpress" for product "Wordpress" and version "2.8.5" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.8.5.1 Search vendor "Wordpress" for product "Wordpress" and version "2.8.5.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.8.5.2 Search vendor "Wordpress" for product "Wordpress" and version "2.8.5.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.8.6 Search vendor "Wordpress" for product "Wordpress" and version "2.8.6" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.9 Search vendor "Wordpress" for product "Wordpress" and version "2.9" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.9.1 Search vendor "Wordpress" for product "Wordpress" and version "2.9.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.9.1.1 Search vendor "Wordpress" for product "Wordpress" and version "2.9.1.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 2.9.2 Search vendor "Wordpress" for product "Wordpress" and version "2.9.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 3.3 Search vendor "Wordpress" for product "Wordpress" and version "3.3" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 3.3.1 Search vendor "Wordpress" for product "Wordpress" and version "3.3.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 3.3.2 Search vendor "Wordpress" for product "Wordpress" and version "3.3.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 3.3.3 Search vendor "Wordpress" for product "Wordpress" and version "3.3.3" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 3.4.0 Search vendor "Wordpress" for product "Wordpress" and version "3.4.0" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 3.4.1 Search vendor "Wordpress" for product "Wordpress" and version "3.4.1" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 3.4.2 Search vendor "Wordpress" for product "Wordpress" and version "3.4.2" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | 3.5.0 Search vendor "Wordpress" for product "Wordpress" and version "3.5.0" | - |
Affected
| ||||||