Description

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.

Remediation

References

CVE-2017-9066

Related Vulnerabilities

WordPress Plugin iubenda-All-in-one Compliance for GDPR/CCPA Cookie Consent + more Privilege Escalation (3.3.2)

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.23)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6610)

SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1595)

WordPress Plugin Import Spreadsheets from Microsoft Excel Cross-Site Scripting (10.1.3)

Severity

High

Classification

CVE-2017-9066 CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities