Description
The SOAP endpoint supports the WS-Addressing technology, enabling clients to specify the destination for SOAP responses. An unauthenticated attacker could use it to send requests to other servers (Blind SSRF).
Remediation
Disable WS-Addressing if it's not required
References
Related Vulnerabilities
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.14)
Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725
Apache Log4j socket receiver deserialization vulnerability
WordPress Plugin Dropbox Folder Share Server-Side Request Forgery (1.9.7)
WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Multiple Vulnerabilities (3.3.0)