Lucene search
Veracode Vulnerability DatabaseVERACODE:21742HistoryOct 18, 2019 - 8:16 a.m.
Server-Side Request Forgery (SSRF)
2019-10-1808:16:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
EPSS
0.007
Percentile
80.6%
wordpress is vulnerable to server-side request forgery (SSRF). Windows paths are mishandled when validating certain relative URLs, allowing the bypass of the URL redirection validation.
References
blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
core.trac.wordpress.org/changeset/46472
github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
lists.debian.org/debian-lts-announce/2019/11/msg00000.html
lists.debian.org/debian-lts-announce/2020/09/msg00011.html
lists.debian.org/debian-lts-announce/2022/10/msg00010.html
wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
wpvulndb.com/vulnerabilities/9912
Related
prion
prion
Server side request forgery (ssrf)
2019-10-17 13:15:00
openvas
openvas
Debian: Security Advisory (DLA-3141-1)
2022-10-11 00:00:00
Debian: Security Advisory (DLA-1980-1)
2019-11-06 00:00:00
Debian: Security Advisory (DLA-2371-1)
2020-09-12 00:00:00
debian
debian
[SECURITY] [DLA 3141-1] wordpress security update
2022-10-10 13:57:31
[SECURITY] [DLA 1980-1] wordpress security update
2019-11-05 16:38:37
[SECURITY] [DLA 2371-1] wordpress security update
2020-09-11 14:42:55
osv
osv
CVE-2019-17670
2019-10-17 13:15:10
wordpress - security update
2022-10-10 00:00:00
wordpress - security update
2019-11-05 00:00:00
cvelist
cvelist
CVE-2019-17670
2019-10-17 00:00:00
nvd
nvd
CVE-2019-17670
2019-10-17 13:15:10
nessus
nessus
Debian DLA-3141-1 : wordpress - LTS security update
2022-10-11 00:00:00
Debian DLA-1980-1 : wordpress security update
2019-11-06 00:00:00
Debian DLA-2371-1 : wordpress security update
2020-09-14 00:00:00
ubuntucve
ubuntucve
CVE-2019-17670
2019-10-17 00:00:00
debiancve
debiancve
CVE-2019-17670
2019-10-17 13:15:10
cve
cve
CVE-2019-17670
2019-10-17 13:15:10
wpvulndb
wpvulndb
WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
2019-10-14 00:00:00
hackerone
hackerone
Nord Security: Version problem in wordpress leads to the many vulnearability
2019-12-05 10:21:54