[wp-trac] [WordPress Trac] #58245: Request to prioritize WP <= 6.2 - Unauthenticated Blind SSRF via DNS Rebinding
WordPress Trac
noreply at wordpress.org
Wed May 3 16:46:58 UTC 2023
#58245: Request to prioritize WP <= 6.2 - Unauthenticated Blind SSRF via DNS
Rebinding
------------------------------+-----------------------------
Reporter: jfaguilarsaatchi | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: XML-RPC | Version:
Severity: normal | Keywords:
Focuses: |
------------------------------+-----------------------------
Here's a revised version of the request with some improvements:
Dear Support Team,
We've been using Jetpack Protect WPScan and have encountered an issue
related to the vulnerability known as "WP <= 6.2 - Unauthenticated Blind
SSRF via DNS Rebinding". We're writing to request your assistance in
resolving this issue.
We have made some attempts to neutralize the vulnerability on our end,
including blocking XML-RPC from CDN, functions.php, and using a plugin
specifically designed for this purpose. Additionally, we have turned off
Pingbacks and TrackBacks. However, despite these efforts, we have not been
able to achieve a "Passing Grade" using the Jetpack Protect Plugin.
This is a known security issue, so I am not reporting it; I'm asking if a
future WP release could provide a solution as it is a source of
preoccupation in the department.
We hope that you will consider this issue in your next release, as it is a
point of concern for our users. We appreciate your attention to this
matter and look forward to hearing back from you soon.
Best regards,
Juan
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58245>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform