Websites running WordPress, including the current release 6.1.1, are vulnerable to CVE-2022-3590 when XML-RPC or pingbacks are enabled.
What can happen
A WordPress site can be forced to issue requests to systems on the internal network, disclosing sensitive information about the server, through blind Server-Side Request Forgery (SSRF) via DNS rebinding: the host name of the pingback source is checked once and then resolved again when the request is actually made.
The likelihood of this vulnerability being exploited is considered low.
What you have to do
It is recommended that you apply one of the following options:
The safest option is to disable xmlrpc.php entirely. Apply this only if nothing relies on the XML-RPC protocol (the WordPress mobile apps and some remote-publishing plugins do):
Disable xmlrpc.php by renaming the file, or by denying access to it with a rule in .htaccess (Apache) or in the nginx server configuration. Note that a renamed core file is put back by the next WordPress core update, so a web server rule is the more durable choice. If this sounds unfamiliar, search the plugin directory for "xmlrpc" and install a plugin that disables it.
A less thorough option is to disable pingbacks only. Use this if your site depends on XML-RPC.
Disable WordPress pingbacks from the admin panel (Settings > Discussion, uncheck the option that allows link notifications from other blogs). Note that this setting applies only to new posts; existing posts keep their own pingback setting, which you can change from the post editor or in bulk.
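For sites that must keep XML-RPC but want the pingback vector closed on every post, old and new, the following must-use plugin is an added example (not code from the original notice or from WordPress). It removes the pingback methods from the XML-RPC method table and drops the X-Pingback response header; the file name, the DISABLE_XMLRPC_ENTIRELY constant and the comments are this example's own choices. The xmlrpc_methods, wp_headers and xmlrpc_enabled filters are real WordPress filters.

```php
<?php
/**
 * Plugin Name: Disable XML-RPC pingbacks (CVE-2022-3590 mitigation)
 * Description: Removes the pingback.ping XML-RPC method and the X-Pingback header.
 *
 * Install as a must-use plugin so it cannot be deactivated from the dashboard:
 * copy this file to wp-content/mu-plugins/disable-pingbacks.php
 * (the file name is this example's own choice).
 */

// Remove the pingback methods from the XML-RPC method table. This is what
// actually closes the SSRF vector: pingback.ping needs no login, so the
// xmlrpc_enabled filter below (which only gates methods that call login())
// does NOT stop it on its own.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'] );
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// Stop advertising the pingback endpoint in the X-Pingback response header
// that WordPress adds to single post pages.
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// Optional: if nothing on the site uses XML-RPC, also refuse every
// authenticated XML-RPC method. Enable it by adding
//   define( 'DISABLE_XMLRPC_ENTIRELY', true );
// to wp-config.php (constant name chosen for this example).
if ( defined( 'DISABLE_XMLRPC_ENTIRELY' ) && DISABLE_XMLRPC_ENTIRELY ) {
    add_filter( 'xmlrpc_enabled', '__return_false' );
}
```

To check that the mitigation is active, POST a system.listMethods XML-RPC call to /xmlrpc.php and confirm that pingback.ping no longer appears in the returned method list. If you block xmlrpc.php at the web server instead, this plugin is redundant: filters only run once a request reaches PHP.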
We are waiting for an official fix from WordPress; when it is released, it will be installed automatically.