Description
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
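The check-then-request pattern described above, next to a version that validates and connects to the same resolved address, as an added example that is not WordPress code. It assumes the race arises because the hostname is looked up once for the check and again for the request, which this page does not state; `fetch_racy`, `fetch_pinned`, `FlippingResolver`, the hostname and the sample addresses are all constructed for illustration.

```python
import ipaddress

def is_public(ip):
    """True only for globally routable addresses (rejects loopback, RFC 1918, link-local)."""
    return ipaddress.ip_address(ip).is_global

def fetch_racy(host, resolve, connect):
    """Check-then-use: one lookup feeds the check, a second lookup feeds the request."""
    if not is_public(resolve(host)):       # time of check
        raise PermissionError("forbidden destination")
    return connect(resolve(host))          # time of use: independent second lookup

def fetch_pinned(host, resolve, connect):
    """Resolve once, validate that address, connect to exactly that address."""
    ip = resolve(host)
    if not is_public(ip):
        raise PermissionError("forbidden destination")
    return connect(ip)                     # the value that was checked is the value used

class FlippingResolver:
    """Constructed stand-in for name resolution whose answer differs between lookups."""
    def __init__(self, answers):
        self.answers = list(answers)
        self.calls = 0

    def __call__(self, host):
        ip = self.answers[min(self.calls, len(self.answers) - 1)]
        self.calls += 1
        return ip

def demo():
    # Constructed answers: a public address on the first lookup, loopback afterwards.
    answers = ["93.184.216.34", "127.0.0.1"]
    connect = lambda ip: ip                # stand-in for the HTTP request; returns the peer address
    racy = fetch_racy("pingback-source.example", FlippingResolver(answers), connect)
    pinned = fetch_pinned("pingback-source.example", FlippingResolver(answers), connect)
    return racy, pinned

if __name__ == "__main__":
    print(demo())
```

In a real client the pinned address is passed to the connection while the original hostname is kept for the `Host` header and TLS verification, and the same check is repeated on every redirect.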
Remediation
References