ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 4.4.1 - SSRF

Product
WordPress
Description
The vulnerability allows an attacker to conduct these server-side request forgery attacks via a zero value in the first octet of an IPv4 address in the "u" parameter to wp-admin/press-this.php.
Solution
Update WordPress.
Classification
Type Unknown
References
CVE Mitre
CVE
Name CVE-2016-2222
Versions
Affected In <= 4.4.1
Fixed In 4.4.2
Disclosure date
2016-02-05