WordPress Vulnerabilities

WordPress 1.5.1-3.5 - XML-RPC Pingback API Internal/External Port Scanning

Affects WordPress

3.5
Fixed in WordPress 3.5.1
3.4.2
Fixed in WordPress 3.5.1
3.4.1
Fixed in WordPress 3.5.1
3.4
Fixed in WordPress 3.5.1
3.3.3
Fixed in WordPress 3.5.1
3.3.2
Fixed in WordPress 3.5.1
3.3.1
Fixed in WordPress 3.5.1
3.3
Fixed in WordPress 3.5.1
3.2.1
Fixed in WordPress 3.5.1
3.2
Fixed in WordPress 3.5.1
3.1.4
Fixed in WordPress 3.5.1
3.1.3
Fixed in WordPress 3.5.1
3.1.2
Fixed in WordPress 3.5.1
3.1.1
Fixed in WordPress 3.5.1
3.1
Fixed in WordPress 3.5.1
3.0.6
Fixed in WordPress 3.5.1
3.0.5
Fixed in WordPress 3.5.1
3.0.4
Fixed in WordPress 3.5.1
3.0.3
Fixed in WordPress 3.5.1
3.0.2
Fixed in WordPress 3.5.1
3.0.1
Fixed in WordPress 3.5.1
3.0
Fixed in WordPress 3.5.1
2.9.2
Fixed in WordPress 3.5.1
2.9.1
Fixed in WordPress 3.5.1
2.9
Fixed in WordPress 3.5.1
2.8.6
Fixed in WordPress 3.5.1
2.8.5
Fixed in WordPress 3.5.1
2.8.4
Fixed in WordPress 3.5.1
2.8.3
Fixed in WordPress 3.5.1
2.8.2
Fixed in WordPress 3.5.1
2.8.1
Fixed in WordPress 3.5.1
2.8
Fixed in WordPress 3.5.1
2.7.1
Fixed in WordPress 3.5.1
2.7
Fixed in WordPress 3.5.1
2.6.5
Fixed in WordPress 3.5.1
2.6.3
Fixed in WordPress 3.5.1
2.6.2
Fixed in WordPress 3.5.1
2.6.1
Fixed in WordPress 3.5.1
2.6
Fixed in WordPress 3.5.1
2.5.1
Fixed in WordPress 3.5.1
2.5
Fixed in WordPress 3.5.1
2.3.3
Fixed in WordPress 3.5.1
2.3.2
Fixed in WordPress 3.5.1
2.3.1
Fixed in WordPress 3.5.1
2.3
Fixed in WordPress 3.5.1
2.2.3
Fixed in WordPress 3.5.1
2.2.2
Fixed in WordPress 3.5.1
2.2.1
Fixed in WordPress 3.5.1
2.2
Fixed in WordPress 3.5.1
2.1.3
Fixed in WordPress 3.5.1
2.1.2
Fixed in WordPress 3.5.1
2.1.1
Fixed in WordPress 3.5.1
2.1
Fixed in WordPress 3.5.1
2.0.11
Fixed in WordPress 3.5.1
2.0.10
Fixed in WordPress 3.5.1
2.0.9
Fixed in WordPress 3.5.1
2.0.8
Fixed in WordPress 3.5.1
2.0.7
Fixed in WordPress 3.5.1
2.0.6
Fixed in WordPress 3.5.1
2.0.5
Fixed in WordPress 3.5.1
2.0.4
Fixed in WordPress 3.5.1
2.0.3
Fixed in WordPress 3.5.1
2.0.2
Fixed in WordPress 3.5.1
2.0.1
Fixed in WordPress 3.5.1
2.0
Fixed in WordPress 3.5.1
1.5.2
Fixed in WordPress 3.5.1
1.5.1.3
Fixed in WordPress 3.5.1
1.5.1.2
Fixed in WordPress 3.5.1
1.5.1.1
Fixed in WordPress 3.5.1
1.5.1
Fixed in WordPress 3.5.1

References

CVE
CVE-2013-0235
URL
https://github.com/FireFart/WordpressPingbackPortScanner

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918

Miscellaneous

Verified
Yes
WPVDB ID
21079a9f-7256-4ec0-b93d-44b489720cde

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2021-04-25 (about 4 years ago)

Other

Published
Title
Published
2025-09-26
Title
Silencesoft RSS Reader <= 0.6 - Unauthenticated Server-Side Request Forgery
Published
2025-03-25
Title
Zapier for WordPress < 1.5.2 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function
Published
2022-10-21
Title
Better Messages < 1.9.10.69 - Subscriber+ SSRF
Published
2025-12-18
Title
HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery
Published
2025-04-24
Title
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) < 3.1.3 - Unauthenticated Server-Side Request Forgery via URL Parameter