Description
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
Remediation
References
Related Vulnerabilities
WordPress Plugin Mingle Forum Cross-Site Scripting (1.0.28)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-28644)
OpenSSL Use After Free Vulnerability (CVE-2026-28387)
WordPress 4.4.x Same Origin Method Execution (SOME) Vulnerability (4.4 - 4.4.2)
Magento Incorrect Authorization Vulnerability (CVE-2020-9692)