
CVE-2016-2222

Published: 22/05/2016 Updated: 04/11/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The wp_http_validate_url function in wp-includes/http.php in WordPress prior to 4.4.2 allows remote malicious users to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.

Vulnerable Product

wordpress wordpress 4.4.1

Vendor Advisories

Debian Bug report logs - #813697 wordpress: New version available: 4.4.2 (CVE-2016-2221 CVE-2016-2222). Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon). Reported by: Christer Mjellem Strand <dilldall@bjorkorg>. Date: Thu, 4 Fe ...
Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2221: Shailesh Suthar discovered an open redirection vulnerability. CVE-2016-2222: Ronni Skansing discovered a server-side request forgery (SSRF) vulnerability. For the oldst ...

Github Repositories

Submission for assignment 7

Project 7 - WordPress Pentesting
Time spent: 6 hours spent in total
Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress
Pentesting Report
(Required) Vulnerability Name or ID 8819
Summary: An attacker can inject a malicious script into the filename which a victim tries to upload leading to XSS inside the administrato