Description
Server-Side Request Forgery (SSRF) vulnerability allows an attacker to perform local and/or remote network requests while impersonating the target server. Using this vulnerability, Invicti was able to access the target's localhost service.
Remediation
Properly sanitize user input.
References
Related Vulnerabilities
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.17)
WordPress Plugin Canto Multiple Server-Side Request Forgery Vulnerabilities (1.7.0)
WordPress Plugin All-in-One Video Gallery Multiple Vulnerabilities (2.6.0)
WordPress Plugin Import all XML, CSV & TXT into WordPress Server-Side Request Forgery (6.5.2)