{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-3590","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","requesterUserId":"dc9e157c-ddf1-4983-adaf-9f01d16b5e04","dateReserved":"2022-10-18T14:10:29.395Z","datePublished":"2022-12-14T08:33:40.434Z","dateUpdated":"2025-04-21T14:12:02.956Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2023-01-10T09:10:27.114Z"},"title":"WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding","problemTypes":[{"descriptions":[{"description":"CWE-918 Server-Side Request Forgery (SSRF)","lang":"en","type":"CWE"},{"description":"CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"WordPress","product":"WordPress","versions":[{"status":"affected","versionType":"custom","version":"4.1.30","lessThanOrEqual":"6.1.1"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"WordPress is affected by an unauthenticated blind SSRF in the pingback feature. \nBecause of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden."}],"references":[{"url":"https://wpscan.com/vulnerability/c8814e6e-78b3-4f63-a1d3-6906a84c1f11","tags":["exploit","vdb-entry","technical-description"]},{"url":"https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/"}],"credits":[{"lang":"en","value":"Thomas Chauchefoin","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:14:02.086Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/c8814e6e-78b3-4f63-a1d3-6906a84c1f11","tags":["exploit","vdb-entry","technical-description","x_transferred"]},{"url":"https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/","tags":["x_transferred"]}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.9,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-21T14:10:54.697734Z","id":"CVE-2022-3590","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-21T14:12:02.956Z"}}]}}