Description
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
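The check such a filter needs, as an added Python example (not WordPress's code and not part of the original advisory): normalise a numeric host literal to the address it actually denotes before testing it against internal ranges. The function names `parse_numeric_host` and `is_internal_literal` are hypothetical, the sample hosts are constructed, and the parser goes slightly beyond the octal and hexadecimal cases named above by also handling the single-integer and short dotted forms that the classic `inet_aton()` rules accept.

```python
import ipaddress
import re

# One inet_aton-style component: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"0x([0-9a-f]+)|(0[0-7]*)|([1-9][0-9]*)", re.IGNORECASE)

def parse_numeric_host(host):
    """Return the IPv4Address a numeric host literal denotes, or None.

    Follows the classic inet_aton() rules: 1 to 4 dot-separated parts, each
    hex, octal or decimal; the last part fills all remaining bytes.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for part in parts:
        m = _PART.fullmatch(part)
        if m is None:
            return None  # not a numeric literal (for example a DNS name)
        hex_digits, octal, decimal = m.groups()
        if hex_digits:
            values.append(int(hex_digits, 16))
        elif octal:
            values.append(int(octal, 8))
        else:
            values.append(int(decimal, 10))
    *head, last = values
    # Leading parts are single bytes; the last part covers what is left.
    if any(v > 0xFF for v in head) or last >= 256 ** (4 - len(head)):
        return None
    addr = last
    for i, v in enumerate(head):
        addr += v << (8 * (3 - i))
    return ipaddress.IPv4Address(addr)

def is_internal_literal(host):
    """True if the literal maps to a non-global address, False if it maps
    to a global one, None if it is not numeric and must be resolved first."""
    ip = parse_numeric_host(host)
    return None if ip is None else not ip.is_global

if __name__ == "__main__":
    # Constructed sample hosts, not taken from the advisory.
    for h in ("0x7f.0.0.1", "0177.0.0.1", "012.0.0.1", "8.8.8.8", "example.com"):
        print(h, parse_numeric_host(h), is_internal_literal(h))
```

A `None` result means the host is a name rather than a literal, so the caller still has to resolve it and apply the same range check to the resolved address.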
Remediation
References