Description
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Access Control Vulnerability (CVE-2014-7810)
WordPress Plugin CWIS-Antivirus Security Scanner Unspecified Vulnerability (2.3.2)
Moodle CVE-2023-5551 Vulnerability (CVE-2023-5551)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1648)
Joomla Improper Authentication Vulnerability (CVE-2022-23795)