WordPress before 5.2.4 has a Server Side Request Forgery ... · CVE-2019-17670 · GitHub Advisory Database · GitHub

WordPress before 5.2.4 has a Server Side Request Forgery ...

High severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Feb 1, 2023

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.

References

Published by the National Vulnerability Database

Oct 17, 2019

Published to the GitHub Advisory Database May 24, 2022

Last updated Feb 1, 2023