CVE-2022-3590

CVSS V2: None
CVSS V3: None
Description
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
Overview
  • CVE ID: CVE-2022-3590
  • Assigner: contact@wpscan.com
  • Vulnerability Status: Analyzed
  • Published Version: 2022-12-14T09:15:09
  • Last Modified Date: 2022-12-20T19:25:14
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* | 1 | OR | 4.2 | 6.1.1 |
| cpe:2.3:a:wordpress:wordpress:4.1:-:*:*:*:*:*:* | 1 | OR | | |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-12-14 09:16:52 | | | | Added to TrackCVE |
| 2022-12-14 14:15:30 | 2022-12-14T09:15:09.260 | 2022-12-14T09:15:09 | CVE Published Date | updated |
| 2022-12-14 14:15:30 | | 2022-12-14T14:09:52 | CVE Modified Date | updated |
| 2022-12-14 14:15:30 | Received | Awaiting Analysis | Vulnerability Status | updated |
| 2022-12-18 04:35:29 | | 2022-12-16T17:59:28 | CVE Modified Date | updated |
| 2022-12-18 04:35:29 | Awaiting Analysis | Analyzed | Vulnerability Status | updated |
| 2022-12-18 04:35:42 | | CWE-367 | Weakness Enumeration | updated |
| 2022-12-18 04:35:43 | | | CPE Information | updated |
| 2022-12-21 07:02:20 | | 2022-12-20T19:25:14 | CVE Modified Date | updated |