WP <= 6.1.1 – Unauthenticated Blind SSRF via DNS Rebinding

This topic has 1 reply, 2 voices, and was last updated 2 years, 5 months ago by Elise Noromit.

Viewing 2 posts - 1 through 2 (of 2 total)

Author

Posts
February 24, 2023 at 7:13 pm #446106

aleks.fakaury
Participant

Jetpack show me this guys please help me :/
What is the problem?
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.

February 25, 2023 at 2:59 am #446173

Elise Noromit
Member

Hello,

Thank you very much for choosing our theme and for contacting us.

Please make the full backup of your site and check the issue on the Storefront theme to detect if our theme causes the problem. Storefront is a free theme developed by WooСommerce.

if you see the same on the Storefront, please contact Jetpack support on this issue.

Best Regards
Author

Posts

Viewing 2 posts - 1 through 2 (of 2 total)

Sign in

No account yet?

Create an Account