8.6
CVE-2016-2222
- EPSS 5.17%
- Published 22.05.2016 01:59:15
- Last modified 12.04.2025 10:46:40
- Source security@debian.org
WordPress Core < 4.4.2 - Server-Side Request Forgery
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.
Possible countermeasure
WordPress: Update to one of the following versions, or a newer patched version: 3.7.13, 3.8.13, 3.9.11, 4.0.10, 4.1.10, 4.2.7, 4.3.3, 4.4.2
Further vulnerability information
System: WordPress Core
Product: WordPress
Versions:
- [*, 3.7)
- 3.7 - 3.7.12
- 3.8 - 3.8.12
- 3.9 - 3.9.10
- 4.0 - 4.0.9
- 4.1 - 4.1.9
- 4.2 - 4.2.6
- 4.3 - 4.3.2
- 4.4 - 4.4.1
Data provided by the National Vulnerability Database (NVD)

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.17% | 0.895 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.6 | 3.9 | 4 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:P/A:N |