From $URL : Description Multiple vulnerabilities have been reported in Wordpress, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks and disclose sensitive data. 1) Certain unspecified input related to shortcodes and post content is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input related to Plupload is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "sourceUri" parameter to the "pingback.ping" XMLRPC API method is not properly sanitised before being used. This can be exploited to e.g. disclose sensitive data. The vulnerabilities are reported in versions prior to 3.5.1. Solution Update to version 3.5.1. Provided and/or discovered by The vendor credits: 1) Jon Cave, WordPress security team. 2) Moxiecode. 3) Gennady Kovshenin and Ryan Dewhurst. Original Advisory WordPress: http://wordpress.org/news/2013/01/wordpress-3-5-1/
Closing noglsa for ~arch only.
CVE-2013-0237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0237): Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. CVE-2013-0236 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0236): Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post. CVE-2013-0235 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0235): The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.