Make WordPress Core

Opened 7 months ago

Last modified 7 weeks ago

#60145 new defect (bug)

WordPress <= 6.4.2 is vulnerable to Server Side Request Forgery (SSRF)

Reported by: fahimmurshed
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 6.4.2
Component: XML-RPC
Keywords:
Focuses:
Cc:


After installing WordPress, I got this. Please fix it in core or provide a temporary solution.

This vulnerability affects all WordPress core versions, and at this point is not something that is likely to be fixed anytime soon. This vulnerability is of low severity and has no meaningful impact on the average site.

Simon Scannell & Thomas Chauchefoin discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability is not known to have been fixed yet.
