Vulnerability identifier: #VU6593

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9066

CWE-ID: CWE-352

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
WordPress
Web applications / CMS

Vendor: WordPress.ORG

Description

The disclosed vulnerability allows a remote attacker to redirect users to arbitrary website.

The vulnerability exists due to insufficient validation of user-supplied data before redirecting visitors in the HTTP class. A remote attacker can exploit this vulnerability to interact with the web server using SSRF vector.

Successful exploitation of the vulnerability may allow an attacker to send HTTP requests to 0.0.0.0 on port 80, 443 and 8080.

Example:

http://[host]/wp-admin/press-this.php?u=http://[HOST|IP]

Mitigation
Update to version 4.7.5.

Vulnerable software versions

WordPress: 4.7 - 4.7.4

---

External links
http://wordpress.org/news/2017/05/wordpress-4-7-5/

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.