WPScan
How it works
Pricing
Vulnerabilities
WordPress
Plugins
Themes
Stats
Submit vulnerabilities
For developers
Status
API details
CLI scanner
Contact
Login
Talk to sales
WPScan
How it works
Pricing
Vulnerabilities
WordPress
Plugins
Themes
Stats
Submit vulnerabilities
For developers
Status
API details
CLI scanner
Contact
Login
Talk to sales
WordPress Vulnerabilities
WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
Affects WordPress
3.8.1
Fixed in version 3.8.13
3.8
Fixed in version 3.8.13
3.7.1
Fixed in version 3.7.13
3.9
Fixed in version 3.9.11
3.9.1
Fixed in version 3.9.11
3.7
Fixed in version 3.7.13
3.8.2
Fixed in version 3.8.13
3.8.3
Fixed in version 3.8.13
3.9.2
Fixed in version 3.9.11
4.0
Fixed in version 4.0.10
Show more
References
CVE
CVE-2016-2222
URL
https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
URL
https://core.trac.wordpress.org/changeset/36435
URL
https://hackerone.com/reports/110801
Classification
Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
Miscellaneous
Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
b19b6a22-3ebf-488d-b394-b578cd23c959
Timeline
Publicly Published
2016-02-02
(about 7 years ago)
Added
2016-02-02
(about 7 years ago)
Last Updated
2020-09-22
(about 2 years ago)
Our Other Services
WPScan WordPress Security Plugin