CVE-2022-3590: WordPress 6.1.1 – Unauth. Blind SSRF (0day)

Websites that use WordPress in the last 6.1.1 are vulnerable to CVE-2022-3590 when XML-RPC is enabled or .

wordpress colorful

What can happen

A WordPress site can be forced to run requests to systems on the internal network to reveal sensitive server information with blind Server Side Request Forgery (SSRF) through res DNS.

The probability of exploiting this vulnerability is considered low.

What you have to do

It is recommended that you apply one of the following options:

The safest option is to disable xmlrpc.php. This should only be applied if you are not using the XML-RPC protocol:
Disable xmlrpc.php simply with a rename, or a command in .htaccess, or ngnix. If this all sounds Chinese to you, search for “xmlrpc” to install a plugin that disables it.

A less secure option is to disable Pingbacks. This is recommended if WordPress depends on XML-RPC.
Disable WordPress pingbacks from your dashboard

We await from WordPress, which will be installed automatically.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

pingbackswordpressXML-RPC

wordpress, XML-RPC, pingbacks

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).