Security Advisory

CVE-2022-3590

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-12-14 08:33:40

Last updated 2025-04-21 14:12:02

Assigner WPScan

State PUBLISHED

Description

WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.

← Browse all CVEs View on cve.org ↗