Description

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.

Remediation

References

CVE-2019-17669

Related Vulnerabilities

WordPress Plugin Social Slider 'rA[]' Parameter SQL Injection (5.6.5)

Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0473)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-9864)

WordPress Plugin Menu Creator 'updateSortOrder.php' SQL Injection (1.1.7)

Joomla! Core 3.0.0 Cross-Site Scripting (3.0.0)

Severity

Critical

Classification

CVE-2019-17669 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities