[wp-trac] [WordPress Trac] #57363: WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding
WordPress Trac
noreply at wordpress.org
Fri May 5 14:17:38 UTC 2023
#57363: WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding
------------------------------+------------------------------
Reporter: edavis711 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Pings/Trackbacks | Version: 6.1.1
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
------------------------------+------------------------------
Comment (by jfaguilarsaatchi):
Replying to [comment:5 TylerTork]:
> While this isn't a particularly serious issue security-wise, it's a
> serious issue PR-wise. I don't know how many millions of people are now
> receiving daily security notifications from iThemes or Google or whatever,
> but if there's going to be any significant delay, I'd say it's better to
> disable the pingback capability altogether if that's what it takes to fix
> it ASAP. It's a stupid function anyway, of use mainly to spammers.
Well, is it? I think the premise behind it, in groups that discuss a
specific subject, is a good idea, but could be easily replaced with do
follow links and curated RSS feeds, maybe a third party service that
provides SEO insights on backlinks. But yeah...
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57363#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform