Pingback is a method for web authors to request notification when somebody links to one of their documents. Typically, web publishing software will automatically inform the relevant parties on behalf of the user, allowing for the possibility of automatically creating links to referring documents.
WordPress accepts Pingback calls via the XML-RPC interface (xmlrpc.php). Because WordPress itself connects to the source URL named in a pingback request, this feature can be used to list hosts on the internal network and test for open ports.
Currently there is no official workaround. Disabling pingbacks and trackbacks from the Discussion Settings page doesn't fix the problem. Until a fix is released, you can rename the xmlrpc.php file to a hard-to-guess filename.
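A detection check for the behaviour described above, as an added example that is not part of the original page or of WordPress: it reviews an XML-RPC request body (for instance one recorded by a reverse proxy or WAF) and reports why a `pingback.ping` call deserves a closer look. The function names, the reason strings and the sample bodies are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

def pingback_source(body):
    """Return the source URI (first parameter) of a pingback.ping call, else None."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "methodCall" or (root.findtext("methodName") or "").strip() != "pingback.ping":
        return None
    values = root.findall("./params/param/value")
    if not values:
        return None
    # XML-RPC permits <value><string>x</string></value> and bare <value>x</value>
    text = values[0].findtext("string") or values[0].text
    return (text or "").strip() or None

def review_pingback(body):
    """None if the body is not a pingback call; otherwise a list of reasons to investigate."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return ["DTD in request body"]  # XML-RPC needs no DTD; do not parse it
    src = pingback_source(body)
    if src is None:
        return None
    reasons = []
    try:
        parts = urlsplit(src)
        host, port = parts.hostname or "", parts.port
    except ValueError:
        return ["malformed source URI"]
    if parts.scheme not in ("http", "https"):
        reasons.append("non-http scheme")
    if port not in (None, 80, 443):
        reasons.append("non-standard port")
    try:
        ip = ipaddress.ip_address(host)
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            reasons.append("internal address")
    except ValueError:
        if "." not in host:  # e.g. "localhost" or an intranet short name
            reasons.append("unqualified hostname")
    return reasons

# Builds a constructed sample body for testing the check (not captured traffic).
def sample_call(method, *args):
    params = "".join(f"<param><value><string>{a}</string></value></param>" for a in args)
    return f"<methodCall><methodName>{method}</methodName><params>{params}</params></methodCall>"
```

An empty list means the call names an ordinary public-looking source; hostnames are not resolved here, so a public name that resolves to an internal address is not caught by this check.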