CVSSv3: 5.9

CVE-2022-3590

Published: 14/12/2022 Updated: 07/11/2023
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. The pingback handler resolves the supplied hostname, rejects it if the address is internal, and then resolves the name a second time when it actually sends the request; a DNS server that answers differently between the two lookups (DNS rebinding) therefore passes the check with a public address and has the request delivered to a private or loopback address. The SSRF is blind: the attacker learns only what the target's reachability reveals, not the response body.
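The two patterns described above, as an added example that is not code from WordPress or from this page: a constructed resolver stands in for the attacker's DNS server and answers with a public address on the first lookup and loopback on the second, the check-then-fetch function resolves twice (the TOCTOU pattern), and the hardened function resolves once and uses that same address for the connection. The hostnames and addresses are constructed for the example.

```python
import ipaddress
from typing import Dict, List, Optional


# Constructed stand-in for the attacker's authoritative DNS server: the first
# answer for a name is a public address, every later answer is the rebound
# (internal) address. Real rebinding uses a short TTL; the sequence below models
# only the two lookups that matter.
class RebindingResolver:
    def __init__(self, answers: Dict[str, List[str]]):
        self._answers = answers
        self._lookups: Dict[str, int] = {}

    def resolve(self, host: str) -> str:
        n = self._lookups.get(host, 0)
        self._lookups[host] = n + 1
        seq = self._answers[host]
        return seq[min(n, len(seq) - 1)]


def is_forbidden(ip: str) -> bool:
    """Addresses a pingback must never reach: loopback, RFC 1918, link-local, etc."""
    addr = ipaddress.ip_address(ip)
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def vulnerable_pingback(host: str, resolver: RebindingResolver) -> Optional[str]:
    """Check-then-fetch with two independent lookups: the TOCTOU pattern.

    Returns the address the HTTP request would actually be sent to, or None
    if validation rejected the host.
    """
    if is_forbidden(resolver.resolve(host)):   # time of check: first lookup
        return None
    return resolver.resolve(host)               # time of use: a fresh lookup


def hardened_pingback(host: str, resolver: RebindingResolver) -> Optional[str]:
    """Resolve once, validate that address, connect to that same address.

    A real client would open the TCP connection to the returned IP and send the
    original name in the Host header, so the validated address is the one used.
    """
    ip = resolver.resolve(host)
    if is_forbidden(ip):
        return None
    return ip


if __name__ == "__main__":
    # Constructed hostnames/addresses; 93.184.216.34 plays the "public" address.
    dns = RebindingResolver({"attacker.example": ["93.184.216.34", "127.0.0.1"]})
    print("vulnerable:", vulnerable_pingback("attacker.example", dns))  # 127.0.0.1
    dns = RebindingResolver({"attacker.example": ["93.184.216.34", "127.0.0.1"]})
    print("hardened:  ", hardened_pingback("attacker.example", dns))    # 93.184.216.34
```

The resolve-once rule has to be applied to every hop: if the client follows HTTP redirects, each redirect target must be resolved and validated the same way before it is connected to, or the attacker simply redirects the first (public) request into the internal network.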


Vulnerable Products

wordpress wordpress
wordpress wordpress 4.1

Vendor Advisories

Debian Bug report logs - #1033251 wordpress: CVE-2022-3590. Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 20 Mar 2023 19:09:02 UTC; Severity: important; Tags: security, upstream; Found in version wordpress/6.1.1+dfsg1- ...

Github Repositories

CVE-2022-3590 WordPress Vulnerability Scanner: a Python script that checks whether a WordPress site is affected by CVE-2022-3590, the unauthenticated blind Server-Side Request Forgery (SSRF) in the WordPress pingback feature. Because the SSRF is blind, such a check can only infer the outcome from timing or from a callback to a host the tester controls, so treat a single probe as a signal rather than proof.