Description
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
Remediation
References
Related Vulnerabilities
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2005-0244)
WordPress 4.9.x PHP Object Injection (4.9 - 4.9.17)
JBoss Application Server Improper Privilege Management Vulnerability (CVE-2012-2312)
WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Cross-Site Scripting (3.9.1)
WordPress Plugin Image News slider Arbitrary File Upload (3.5)