Description In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. Remediation References CVE-2017-9066 Related Vulnerabilities WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster Cross-Site Scripting (2.6.0) Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8904) WordPress 3.4.1 Multiple Vulnerabilities (2.0 - 3.4.1) ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5666) Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.7) Severity High Classification CVE-2017-9066 CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Tags Missing Update Known Vulnerabilities