Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-79v7-pm7j-z7cu
SummaryThe XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
Aliases
0
alias CVE-2013-0235
Fixed_packages
0
url pkg:deb/debian/wordpress@3.5.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/wordpress@3.5.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@3.5.1%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r41-ecb5-xbe8
1
vulnerability VCID-qt8k-3a84-4kad
2
vulnerability VCID-tj4y-uey5-tff8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r41-ecb5-xbe8
1
vulnerability VCID-qt8k-3a84-4kad
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0235
reference_id
reference_type
scores
0
value 0.5836
scoring_system epss
scoring_elements 0.98229
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0235
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0235
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0235
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698916
reference_id 698916
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698916
Weaknesses
Exploits
0
date_added null
description 
This module will scan for wordpress sites with the Pingback
          API enabled. By interfacing with the API an attacker can cause
          the wordpress site to port scan an external target and return
          results. Refer to the wordpress_pingback_portscanner module.
          This issue was fixed in wordpress 3.5.1
required_action null
due_date null
notes 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/http/wordpress_pingback_access.rb
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-79v7-pm7j-z7cu