Wordpress is vulnerable to local server side request forgery (SSRF) attacks. The attacks are possible because the application ignores octal and hexadecimal IP address formats for intranet address, allowing attackers to escape the SSRF protection mechanism through malicious IP addresses.