CVE-2016-2222

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.4.2

Description The issue allows remote attackers to conduct server-side request forgery (SSRF) attacks. This is achieved by providing a zero value in the first octet of an IPv4 address in the u parameter to the "/wp-admin/press-this.php" API endpoint.

Recommendations For versions prior to 4.4.2, update to version 4.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/press-this.php" API endpoint until the update is applied. Avoid using the u parameter in the affected API endpoint until the issue is resolved.