Home > Vulnerability Database > CVE-2013-5739

Mend.io Vulnerability Database

CVE-2013-5739

Date: September 12, 2013

The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.

Language: PHP

Severity Score

3.1

Related Resources (7)

Url: http://www.debian.org/security/2013/dsa-2757

Url: http://wordpress.org/news/2013/09/wordpress-3-6-1/

Url: http://codex.wordpress.org/Version_3.6.1

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-5739

Url: https://security-tracker.debian.org/tracker/CVE-2013-5739

Url: http://core.trac.wordpress.org/changeset/25322

Url: https://www.mend.io/vulnerability-database/CVE-2013-5739

Severity Score

3.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-5739

Date: September 12, 2013

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?