[wp-trac] [WordPress Trac] #60145: WordPress <= 6.4.2 is vulnerable to Server Side Request Forgery (SSRF)
WordPress Trac
noreply at wordpress.org
Sat Dec 23 07:57:46 UTC 2023
#60145: WordPress <= 6.4.2 is vulnerable to Server Side Request Forgery (SSRF)
--------------------------+-----------------------------
Reporter: fahimmurshed | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: XML-RPC | Version: 6.4.2
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
After installing WordPress, I got this. Please fix it in core
or provide a temporary solution.

This vulnerability affects all WordPress core versions, and at this point
is not something that is likely to be fixed anytime soon. This
vulnerability is of low severity and has no meaningful impact on the
average site.

Simon Scannell & Thomas Chauchefoin discovered and reported this Server
Side Request Forgery (SSRF) vulnerability in WordPress. This could allow a
malicious actor to cause a website to execute website requests to an
arbitrary domain of the attacker. This could allow a malicious actor to
find sensitive information of other services running on the system. This
vulnerability has not been known to be fixed yet.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60145>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform