CVE-2022-3590
Description
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
CWE
- (none)
Affected
- WordPress / WordPress — v=4.1.30 ≤6.1.1 [affected]
CVSS
- (none)
References
- https://wpscan.com/vulnerability/c8814e6e-78b3-4f63-a1d3-6906a84c1f11 exploit, vdb-entry, technical-description
- https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/
Source
cvelistV5-main/cves/2022/3xxx/CVE-2022-3590.json