Published: 25/11/2014 Updated: 05/10/2015

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

wp-includes/http.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress
wordpress wordpress 3.8
wordpress wordpress 3.8.1
wordpress wordpress 3.9.1
wordpress wordpress 3.9.2
wordpress wordpress 4.0
wordpress wordpress 3.8.2
wordpress wordpress 3.8.4
wordpress wordpress 3.8.3
wordpress wordpress 3.9

Debian Bug report logs - #783347 wordpress: New critical security release available: 412 (CVE-2015-3438 CVE-2015-3439) Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Christer Mjellem Strand <dilldall@bjorkorg> ...

Debian Bug report logs - #770425 wordpress: CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 (issues fixed in 401 security release) Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Salvatore Bona ...

Debian Bug report logs - #783554 wordpress: New critical security release available: 421 (CVE-2015-3440) Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Craig Small <csmall@debianorg> Date: Mon, 27 Apr 2015 22:24:02 UTC Severity: important Tags: security Found ...

CWE-20 https://core.trac.wordpress.org/changeset/30444 https://wordpress.org/news/2014/11/wordpress-4-0-1/http://openwall.com/lists/oss-security/2014/11/25/12 http://www.debian.org/security/2014/dsa-3085 http://www.mandriva.com/security/advisories?name=MDVSA-2014:233 http://advisories.mageia.org/MGASA-2014-0493.html http://www.securitytracker.com/id/1031243 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783347

CVE-2014-9038

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect