Pingback is a method for web authors to request notification when somebody links to one of their documents. Typically, web publishing software will automatically inform the relevant parties on behalf of the user, allowing for the possibility of automatically creating links to referring documents.

WordPress accepts Pingback calls via the XMLRPC interface. Using this feature it's possible to list hosts from the internal network and test for open ports.


Currently there is no official workaround. Disabling pingbacks and trackbacks from the Discussion Settings page doesn't fix the problem. Until a fix is released you can rename the xmlrpc.php file to a hard-to-guess filename.


Related Vulnerabilities