[wp-trac] [WordPress Trac] #57363: WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding

WordPress Trac noreply at wordpress.org
Fri May 5 14:17:38 UTC 2023


#57363: WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding
------------------------------+------------------------------
 Reporter:  edavis711         |       Owner:  (none)
     Type:  defect (bug)      |      Status:  new
 Priority:  normal            |   Milestone:  Awaiting Review
Component:  Pings/Trackbacks  |     Version:  6.1.1
 Severity:  normal            |  Resolution:
 Keywords:  needs-patch       |     Focuses:
------------------------------+------------------------------

Comment (by jfaguilarsaatchi):

 Replying to [comment:5 TylerTork]:
 > While this isn't a particularly serious issue security-wise, it's a
 > serious issue PR-wise. I don't know how many millions of people are now
 > receiving daily security notifications from iThemes or Google or whatever,
 > but if there's going to be any significant delay, I'd say it's better to
 > disable the pingback capability altogether if that's what it takes to fix
 > it ASAP. It's a stupid function anyway, of use mainly to spammers.

 Well, is it? I think the premise behind it, in groups that discuss a
 specific subject, is a good idea, but could be easily replaced with do
 follow links and curated RSS feeds, maybe a third-party service that
 provides SEO insights on backlinks. But yeah...

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/57363#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

