CVE-2022-3590: WordPress <= 6.1.1 - Unauth. Blind SSRF vulnerability


Comments

8 comments

  • Stephan Busch

    tried and it doesn't work!

    3
  • Bruno Vinci

    already disabled xmlrpc and pingback and it doesn't work.

    0
  • Benjamin Weßel

    Hello Stephan Busch, Bruno Vinci,

    please open a support ticket so we can check for what reason the steps did not work.

    If you applied the solutions, but the vulnerability is still shown, note that in both cases "Disable xmlrpc.php" and "Turn off WordPress pingbacks" the vulnerability will still be shown in WordPress Toolkit.

    0
  • Nawid Haidari (Edited)

    I tried both steps, but it also did not fix the issue with my WordPress installation.

    1
  • Nawid Haidari

    I cannot submit a support ticket since my license is with IONOS reseller. I would appreciate any help to get this vulnerability fixed.


    1
  • Bruno Vinci

    @Nawid the same for me, I'm with IONOS

    0
  • Bruno Vinci

    Not solved with this guide, still have this problem.

    0
  • Ron Termeer

    We have the same problems on our server. Did all these "solutions" but it is still not solved on our 70 sites of customers.
    People are getting unsecure and keep calling us.
    Is this a Plesk issue or is it a WordPress issue?

    1
