in ,

Unauthenticated Blind SSRF Flaw in WordPress Core

This vulnerability was reported to WordPress on January 21; no fix is available yet. Please refer to the section Patch to obtain guidance on potential remediations to apply to your WordPress instances. 

It is the first time we have released details about an unpatched vulnerability, and this decision was not taken lightly. This issue was first reported about six years ago in January 2017 by another researcher and numerous others over the years. After our report and further investigation, we could also identify multiple public blog posts documenting the same behavior as the one we’ll be covering today. 

Because of its low impact as-is, its prior publication, and the need to chain it to additional vulnerabilities in third-party software, we believe this release won’t endanger WordPress users and can only help them harden their instances.

This post was created with our nice and easy submission form. Create your post!

What do you think?

Posted by SH

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Zyxel releases new NAS firmware to fix critical RCE vulnerabilit

pfBlockerNG Unauth RCE Vulnerability – IHTeam Security Blog