Opened 10 months ago
Last modified 4 months ago
#60145 new defect (bug)
WordPress <= 6.4.2 is vulnerable to Server Side Request Forgery (SSRF)
| Reported by: | fahimmurshed | Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 6.4.2 |
| Component: | XML-RPC | Keywords: | |
| Focuses: | | Cc: | |
Description
After installing WordPress, I have got this. Please fix it in core or provide a temporary solution.
This vulnerability affects all WordPress core versions, and at this point is not something that is likely to be fixed anytime soon. This vulnerability is of low severity and has no meaningful impact on the average site.
Simon Scannell & Thomas Chauchefoin discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability has not been known to be fixed yet.
This has apparently been a problem since 2022 and remains unaddressed. See also https://patchstack.com/database/vulnerability/wordpress/wordpress-6-1-1-unauth-blind-ssrf-vulnerability
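The ticket asks for a temporary solution but does not name the XML-RPC method through which the server-side request is triggered. The snippet below is an added example, not code from WordPress core, from the reporter or from the linked advisory. It assumes the site does not need XML-RPC at all and shuts the whole surface: the `xmlrpc_enabled` filter only gates the authenticated methods, so the unauthenticated `pingback.*` methods (the only core methods that fetch a caller-supplied URL without login) are removed separately via `xmlrpc_methods`. The plugin name is hypothetical; the filter and action names are WordPress core hooks.

```php
<?php
/**
 * Plugin Name: Disable XML-RPC surface (hypothetical mu-plugin name)
 *
 * Added mitigation example for ticket #60145; not WordPress core code and
 * not the reporter's code. Save as wp-content/mu-plugins/disable-xmlrpc.php
 * so it loads unconditionally and cannot be deactivated from the dashboard.
 */

// 1. Refuse every authenticated XML-RPC method (wp.*, blogger.*, metaWeblog.*, ...).
//    This filter is checked in wp_xmlrpc_server::login(), so it does NOT
//    cover methods that never call login(), such as pingback.ping.
add_filter( 'xmlrpc_enabled', '__return_false' );

// 2. Remove the unauthenticated methods that cause the server to issue an
//    outbound HTTP request to a URL chosen by the remote caller.
add_filter( 'xmlrpc_methods', function ( array $methods ) {
    unset( $methods['pingback.ping'] );
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// 3. Declare every post non-pingable. pingback.ping checks pings_open() on the
//    target post before it fetches the source URL, so this is a second line of
//    defence if a plugin re-registers the method; it also stops WordPress from
//    emitting the X-Pingback header on singular pages.
add_filter( 'pings_open', '__return_false' );

// 4. Stop advertising the endpoint: drop the X-Pingback header explicitly and
//    the <link rel="EditURI"> (RSD) discovery tag that points at xmlrpc.php.
add_filter( 'wp_headers', function ( array $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );
remove_action( 'wp_head', 'rsd_link' );
```

To confirm the change took effect, POST a `system.listMethods` call to `/xmlrpc.php` and check that `pingback.ping` is no longer in the returned method list; a call to `pingback.ping` itself should then come back as a "server error. requested method pingback.ping does not exist" fault rather than triggering any outbound request.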