PT-2019-15248 · WordPress · Wordpress

Evan Ricafort

·

Publicado

2019-10-17

·

Atualizado

2022-11-07

·

CVE-2019-17670

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions WordPress versions prior to 5.2.4
Description The issue is related to a Server Side Request Forgery (SSRF) vulnerability. This occurs because Windows paths are mishandled during certain validation of relative URLs.
Recommendations For versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue.

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-918

Identificadores relacionados

CVE-2019-17670
DLA-1980-1
DLA-2371-1
DLA-3141-1

Produtos afetados

Wordpress