Cross-site request forgery in WordPress - CVE-2017-9066
Published: May 17, 2017 / Updated: October 10, 2018
Vulnerability identifier: #VU6593
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-9066
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: WordPress.ORG
Affected software:
WordPress
WordPress
Detailed vulnerability description
The disclosed vulnerability allows a remote attacker to redirect users to arbitrary website.
The vulnerability exists due to insufficient validation of user-supplied data before redirecting visitors in the HTTP class. A remote attacker can exploit this vulnerability to interact with the web server using SSRF vector.
Successful exploitation of the vulnerability may allow an attacker to send HTTP requests to 0.0.0.0 on port 80, 443 and 8080.
Example:
http://[host]/wp-admin/press-this.php?u=http://[HOST|IP]
How to mitigate CVE-2017-9066
Update to version 4.7.5.