WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation

Affects WordPresses

fixed in version 5.2.4
fixed in version 5.2.4
fixed in version 5.2.4
fixed in version 5.2.4
fixed in version 5.1.3
fixed in version 5.1.3
fixed in version 5.1.3
fixed in version 5.0.7
fixed in version 5.0.7
fixed in version 5.0.7
fixed in version 5.0.7
fixed in version 5.0.7
fixed in version 5.0.7
fixed in version 4.9.12
fixed in version 4.9.12
fixed in version 4.9.12
fixed in version 4.9.12
fixed in version 4.9.12
fixed in version 4.9.12
fixed in version 4.9.12
fixed in version 4.9.12
fixed in version 4.9.12
fixed in version 4.9.12
fixed in version 4.9.12
fixed in version 4.9.12
fixed in version 4.8.11
fixed in version 4.8.11
fixed in version 4.8.11
fixed in version 4.8.11
fixed in version 4.8.11
fixed in version 4.8.11
fixed in version 4.8.11
fixed in version 4.8.11
fixed in version 4.8.11
fixed in version 4.8.11
fixed in version 4.8.11
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.7.15
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.6.16
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.5.19
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.4.20
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.3.21
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.2.25
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.1.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 4.0.28
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.9.29
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.8.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31
fixed in version 3.7.31

References

CVE 2019-17669
CVE 2019-17670
URL https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
URL https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
URL https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html

Classification

Type SSRF
OWASP Top 10 A1: Injection
CWE CWE-918

Miscellaneous

Original Researcher Eugene Kolodenker
Views 3149
Verified No
WPVDB ID 9912

Timeline

Publicly Published 2019-10-14 (about 1 month ago)
Added 2019-10-15 (about 1 month ago)
Last Updated 2019-10-17 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin