WordPress is vulnerable to server-side request forgery (SSRF) attacks. The attacks exist because it bypasses the validation of GET request by using URL http://xxx.xxx.xxx.xxx/wp-admin/press-this.php?u=URL_TO_SCRAPE&url-scan-submit;=Scan
which has a zero value in the first octet of an IPv4 address in the URI parameter to wp-admin/press-this.php
.