Lucene search
WPScanCVELIST:CVE-2022-3590HistoryDec 14, 2022 - 8:33 a.m.
CVE-2022-3590 WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding
2022-12-1408:33:40
WPScan
www.cve.org
5
wordpress
ssrf
vulnerability
dns rebinding
toctou
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
CNA Affected
[
{
"vendor": "WordPress",
"product": "WordPress",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "4.1.30",
"lessThanOrEqual": "6.1.1"
}
],
"defaultStatus": "affected"
}
]Related
wpvulndb
wpvulndb
WP <= 6.2 - Unauthenticated Blind SSRF via DNS Rebinding
2022-12-13 00:00:00
ubuntucve
ubuntucve
CVE-2022-3590
2022-12-14 00:00:00
osv
osv
CVE-2022-3590
2022-12-14 09:15:09
BIT-wordpress-2022-3590
2024-03-06 11:09:54
BIT-wordpress-multisite-2022-3590
2024-03-06 11:09:38
openvas
openvas
WordPress <= 6.4.1 SSRF Vulnerability
2022-12-15 00:00:00
nvd
nvd
CVE-2022-3590
2022-12-14 09:15:09
wpexploit
wpexploit
WP <= 6.2 - Unauthenticated Blind SSRF via DNS Rebinding
2022-12-13 00:00:00
prion
prion
Race condition
2022-12-14 09:15:00
debiancve
debiancve
CVE-2022-3590
2022-12-14 09:15:09
cve
cve
CVE-2022-3590
2022-12-14 09:15:09
githubexploit
githubexploit
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Wordpress
2024-08-08 03:02:05
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Wordpress
2023-06-12 13:06:54