PT-2019-5216 · WordPress · Wordpress

Published: 2019-09-11 · Updated: 2023-02-04 · CVE-2019-17669

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.4
Description: The issue is a Server Side Request Forgery (SSRF) vulnerability. It occurs because URL validation does not account for a hostname written as a series of hex characters, so such a name is not recognised as the address it stands for. Exploitation of this issue may allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.
Recommendations: For versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and configuring the server to validate URLs more strictly until a patch is applied. Avoid using URLs that could be interpreted as a series of hex characters in the affected API endpoints until the issue is resolved.
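As an added illustration of the stricter URL validation the recommendations call for (example code written for this page, not WordPress's own validation code), the following Python check normalizes every numeric host form that inet_aton accepts, including hex-encoded ones, to a canonical address before deciding whether it is globally routable; the function names and sample URLs are assumptions of the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Added example (not WordPress code): a stricter outbound URL check that
# normalizes every numeric host form inet_aton accepts (decimal, octal,
# hex, and fewer than four dotted parts) before deciding if it is public.
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")

def _part_value(part: str) -> int:
    if part[:2].lower() == "0x":
        return int(part[2:], 16)      # hex part, e.g. 0x7f
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)           # octal part, e.g. 0177
    return int(part)                  # plain decimal

def normalize_ipv4_literal(host: str):
    """Return an IPv4Address for any inet_aton-style numeric host, else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.match(p) for p in parts):
        return None
    values = [_part_value(p) for p in parts]
    head, last = values[:-1], values[-1]
    # Leading parts are single octets; the last part fills the remaining bytes.
    if any(v > 255 for v in head) or last >= 1 << (8 * (5 - len(values))):
        return None
    packed = 0
    for v in head:
        packed = (packed << 8) | v
    packed = (packed << (8 * (5 - len(values)))) | last
    return ipaddress.IPv4Address(packed)

def is_safe_outbound_url(url: str) -> bool:
    """Allow only http(s) URLs whose literal host is a globally routable address.

    A hostname that is not a literal address returns True here only because
    it still needs DNS resolution; the resolved address must be passed back
    through the same public-address check before any connection is made.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    addr = normalize_ipv4_literal(parts.hostname)
    if addr is None:
        try:
            addr = ipaddress.ip_address(parts.hostname)  # IPv6 literals such as ::1
        except ValueError:
            return True  # DNS name: resolve, then re-check the resulting address
    return addr.is_global
```

The check must be repeated on the address actually obtained from DNS, otherwise a name that resolves to an internal address slips past the literal-only test above.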

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2020-01945
CVE-2019-17669
DLA-1980-1
DSA-4599-1
DSA-4677-1

Affected Products

Wordpress