CVE-2016-2222

Published: 22/05/2016 Updated: 04/11/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The wp_http_validate_url function in wp-includes/http.php in WordPress prior to 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.

Affected Products

Vendor | Product | Versions
Wordpress | Wordpress | 4.4.1

Vendor Advisories

Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2016-2221: Shailesh Suthar discovered an open redirection vulnerability.
CVE-2016-2222: Ronni Skansing discovered a server-side request forgery (SSRF) vulnerability.
For the oldst ...

Debian Bug report logs - #813697
wordpress: New version available: 4.4.2 (CVE-2016-2221 CVE-2016-2222)
Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon)
Reported by: Christer Mjellem Strand <dilldall@bjorkorg>
Date: Thu, 4 Fe ...

Github Repositories

Project 7 - WordPress Pentesting
Time spent: 6 hours spent in total
Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress
Pentesting Report (Required)
Vulnerability Name or ID 8819
Summary: An attacker can inject a malicious script into the filename which a victim tries to upload leading to XSS inside the administrato

Project 7 - WordPress Pentesting
Time spent: 12 hours spent in total
Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress
Pentesting Report
WordPress <= 42 - Unauthenticated Stored Cross-Site Scripting (XSS)
Summary: Vulnerability types: XSS
Tested in version: 42
Fixed in version: 421
Exploit Database 3684