[wp-trac] [WordPress Trac] #57363: WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding
WordPress Trac
noreply at wordpress.org
Fri Dec 30 14:55:43 UTC 2022
#57363: WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding
------------------------------+------------------------------
Reporter: edavis711 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Pings/Trackbacks | Version: 6.1.1
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
------------------------------+------------------------------
Comment (by TylerTork):
While this isn't a particularly serious issue security-wise, it's a
serious issue PR-wise. I don't know how many millions of people are now
receiving daily security notifications from iThemes or Google or whatever,
but if there's going to be any significant delay, I'd say it's better to
disable the pingback capability altogether if that's what it takes to fix
it ASAP. It's a stupid function anyway, of use mainly to spammers.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57363#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform