CVE-2013-2203

WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message.

Published: Jul 8, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-2203
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
WordPress / wordpress	2.8.5.2	2.8.5.2.x
WordPress / wordpress	1.2.3	1.2.3.x
WordPress / wordpress	3.4.0	3.4.0.x
WordPress / wordpress	2.0.11	2.0.11.x
WordPress / wordpress	1.3.3	1.3.3.x
WordPress / wordpress	2.8.6	2.8.6.x
WordPress / wordpress	2.0	2.0.x
WordPress / wordpress	2.1.1	2.1.1.x
WordPress / wordpress	2.2.3	2.2.3.x
WordPress / wordpress	2.0.2	2.0.2.x
WordPress / wordpress	1.6.2	1.6.2.x
WordPress / wordpress	3.5.0	3.5.0.x
WordPress / wordpress	2.1	2.1.x
WordPress / wordpress	1.1.1	1.1.1.x
WordPress / wordpress	1.2.4	1.2.4.x
WordPress / wordpress	2.0.6	2.0.6.x
WordPress / wordpress	2.0.1	2.0.1.x
WordPress / wordpress	2.8.4	2.8.4.x
WordPress / wordpress	2.0.4	2.0.4.x
WordPress / wordpress	2.2	2.2.x
WordPress / wordpress	1.2.1	1.2.1.x
WordPress / wordpress	2.1.3	2.1.3.x
WordPress / wordpress	1.3.2	1.3.2.x
WordPress / wordpress	2.8	2.8.x
WordPress / wordpress	3.3.3	3.3.3.x
WordPress / wordpress	2.0.7	2.0.7.x
WordPress / wordpress	2.1.2	2.1.2.x
WordPress / wordpress	1.2.5-a	1.2.5-a.x
WordPress / wordpress	2.7.1	2.7.1.x
WordPress / wordpress	0.71	0.71.x
WordPress / wordpress	2.6.3	2.6.3.x
WordPress / wordpress	2.0.5	2.0.5.x
WordPress / wordpress	2.8.3	2.8.3.x
WordPress / wordpress	2.8.4-a	2.8.4-a.x
WordPress / wordpress	2.6.5	2.6.5.x
WordPress / wordpress	2.2.2	2.2.2.x
WordPress / wordpress	2.3.3	2.3.3.x
WordPress / wordpress	1.5.1.1	1.5.1.1.x
WordPress / wordpress	2.0.9	2.0.9.x
WordPress / wordpress	2.8.1	2.8.1.x
WordPress / wordpress	2.2.1	2.2.1.x
WordPress / wordpress	2.7	2.7.x
WordPress / wordpress	1.5.2	1.5.2.x
WordPress / wordpress	1.0.1	1.0.1.x
WordPress / wordpress	2.6.2	2.6.2.x
WordPress / wordpress	2.9	2.9.x
WordPress / wordpress	2.3.1	2.3.1.x
WordPress / wordpress	1.0.2	1.0.2.x
WordPress / wordpress	2.5.1	2.5.1.x
WordPress / wordpress	3.3.2	3.3.2.x
WordPress / wordpress	2.6.1	2.6.1.x
WordPress / wordpress	1.5.1.2	1.5.1.2.x
WordPress / wordpress	-	3.5.1.x
WordPress / wordpress	1.2	1.2.x
WordPress / wordpress	2.8.5.1	2.8.5.1.x
WordPress / wordpress	2.9.2	2.9.2.x
WordPress / wordpress	2.5	2.5.x
WordPress / wordpress	3.3.1	3.3.1.x
WordPress / wordpress	1.2.2	1.2.2.x
WordPress / wordpress	2.0.10	2.0.10.x
WordPress / wordpress	2.9.1	2.9.1.x
WordPress / wordpress	1.0	1.0.x
WordPress / wordpress	3.3	3.3.x
WordPress / wordpress	1.5	1.5.x
WordPress / wordpress	2.8.2	2.8.2.x
WordPress / wordpress	3.4.2	3.4.2.x
WordPress / wordpress	1.5.1	1.5.1.x
WordPress / wordpress	3.4.1	3.4.1.x
WordPress / wordpress	1.2.5	1.2.5.x
WordPress / wordpress	1.5.1.3	1.5.1.3.x
WordPress / wordpress	2.9.1.1	2.9.1.1.x
WordPress / wordpress	2.3.2	2.3.2.x
WordPress / wordpress	1.3	1.3.x
WordPress / wordpress	2.6	2.6.x
WordPress / wordpress	2.8.5	2.8.5.x
WordPress / wordpress	2.0.8	2.0.8.x
WordPress / wordpress	2.3	2.3.x

Vulnerability Database

289,871

CVE-2013-2203