ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 4.0.0 - SSRF

Product
WordPress
Description
wp-includes/http.php in WordPress allows the attackers to conduct server-side request forgery attacks by referring to a 127.0.0.0/8 resource.
Solution
Update WordPress.
Classification
Type Unknown
References
CVE Mitre
CVE
Name CVE-2014-9038
Versions
Affected In <= 4.0.0
Fixed In 4.0.1
Disclosure date
2014-11-20