ThreatPress

WordPress Vulnerabilities Database

WordPress <=4.7.4 - Insufficient Redirect Validation vulnerability

Product
WordPress
Description
All WordPress versions from 2.7 to 4.7.4 suffer from insufficient redirect validation in the HTTP class, which leads to SSRF (Server-Side Request Forgery).
Solution
Update WordPress core to the latest possible version (at least 4.7.5).
Classification
Type Server Side Request Forgery (SSRF)
OWASP Top 10 A10: Unvalidated Redirects and Forwards
References
GitHub
CVE
Name CVE-2017-9066
Versions
Affected In <=4.7.4
Fixed In 4.7.5
Disclosure date
2017-05-17
Credits
Ronni Skansing
Submitter
ThreatPress