Description
wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.
Remediation
References
Related Vulnerabilities
TYPO3 Uncontrolled Recursion Vulnerability (CVE-2021-21359)
GlassFish CVE-2013-1508 Vulnerability (CVE-2013-1508)
WordPress Plugin Zedna Contact form Arbitrary File Upload (1.0)
WordPress Plugin Appointment Booking Calendar Multiple Vulnerabilities (1.1.7)
WordPress Plugin WP-Lister Lite for Amazon Cross-Site Scripting (2.4.3)