CVE-2013-5738
Publication date 12 September 2013
Last updated 24 July 2024
Ubuntu priority
The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file.
Status
Package | Ubuntu Release | Status |
---|---|---|
wordpress | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |