0.013 Low
EPSS
Percentile
86.0%
The vulnerability allows an attacker to conduct these server-side request forgery attacks via a zero value in the first octet of an IPv4 address in the “u” parameter to wp-admin/press-this.php.
Update WordPress.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222