6.4

CVE-2014-9038

WordPress Core < 4.0.1 - Server-Side Request Forgery

wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 3.7.5, 3.8.5, 3.9.3, 4.0.1
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version [*, 3.7)
Version 3.7 - 3.7.4
Version 3.8 - 3.8.4
Version 3.9 - 3.9.2
Version 4.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version <= 3.7.4
WordpressWordpress Version3.8
WordpressWordpress Version3.8.1
WordpressWordpress Version3.8.2
WordpressWordpress Version3.8.3
WordpressWordpress Version3.8.4
WordpressWordpress Version3.9
WordpressWordpress Version3.9.1
WordpressWordpress Version3.9.2
WordpressWordpress Version4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.24% 0.786
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.