CVE-2022-3590: WordPress 6.1.1 – Unauth. Blind SSRF (0day)

Websites using WordPress on the latest version 6.1.1 are vulnerable to CVE-2022-3590 when the or the .


What can happen

A WordPress site can be forced to send requests to systems on its internal network, disclosing sensitive information about the server, through blind server-side request forgery (SSRF) carried out via DNS rebinding.

The probability of exploiting this vulnerability is considered low.

What you have to do

It is recommended that you apply one of the following options:

The safest option is to disable xmlrpc.php. This should only be applied if you are not using the XML-RPC protocol:
Disable xmlrpc.php simply by renaming it, or with a rule in .htaccess or in the nginx configuration. If all this sounds like gibberish to you, search for “xmlrpc” to install a plugin that disables it.

A less secure option is to disable Pingbacks. This is recommended if WordPress depends on XML-RPC.
Disable WordPress pingbacks from the admin panel.
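Both options, implemented from inside WordPress as a must-use plugin, as an added example that is not part of the advisory; the plugin header, the `XMLRPC_HARDENING_BLOCK_ALL` toggle and the placement in `wp-content/mu-plugins/` are this example's own choices, and the web-server block the text describes remains the simplest form of the first option.

```php
<?php
/**
 * Plugin Name: XML-RPC hardening (CVE-2022-3590 mitigation example)
 * Description: Added example, not part of the advisory. Copy to wp-content/mu-plugins/.
 */

// Hypothetical toggle for this example: true = option A (refuse all XML-RPC),
// false = option B (keep XML-RPC, remove only the pingback methods).
const XMLRPC_HARDENING_BLOCK_ALL = false;

// Option A: refuse every XML-RPC request. xmlrpc.php defines XMLRPC_REQUEST
// before WordPress loads, so this branch runs for exactly those requests.
// Note: the core 'xmlrpc_enabled' filter is NOT sufficient here; it only
// switches off methods that require authentication, and pingback.ping needs none.
if ( XMLRPC_HARDENING_BLOCK_ALL && defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
    status_header( 403 );
    header( 'Content-Type: text/plain; charset=utf-8' );
    exit( 'XML-RPC is disabled on this site.' );
}

// Option B: unregister the pingback methods, which are the entry point for the
// blind SSRF, while leaving the rest of XML-RPC (mobile apps, remote publishing) working.
add_filter( 'xmlrpc_methods', function ( array $methods ) {
    unset( $methods['pingback.ping'], $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// Stop advertising pingback support: drop the X-Pingback response header and the
// RSD link in <head> that publishes the XML-RPC endpoint URL.
add_filter( 'wp_headers', function ( array $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );
remove_action( 'wp_head', 'rsd_link' );
```

After deploying, a POST to xmlrpc.php calling pingback.ping should return an XML-RPC fault for option B or a 403 for option A.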

We await a patch from WordPress, which will be installed automatically.


Written by giorgos

