*URGENT* WordPress <= 6.1.1 – Unauth. Blind SSRF vulnerability | ww.wp.xz.cn

GIANNISCFA
(@gianniscfa)

1 year ago

Hello i have a hosting with 2 wordpress websites, today i noticed that none of them are accesable so i need my search into Cpanel and noticed this error messages and seem to be hacked or got malware, i removed everything and reinstall worpdress for both websites but those warning still there, any help?

https://prnt.sc/q8KKQvIc_Kvm

https://prnt.sc/68BVT84CIIMO

https://prnt.sc/6xLBt_9AVEw9

https://prnt.sc/nfGZiHfcgqVm

https://prnt.sc/gxdmIy9xXe1Z

Viewing 2 replies - 1 through 2 (of 2 total)

Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

1 year ago

This is not really an issue.

A CVE (tracking number) was recently issues for a long standing DNS re-binding exploit (and with a CVE, the security plugins now toot it).
It has a very low priority, since it relies on someone hijacking your server’s DNS resolver, you can find some details, and responses, at https://portswigger.net/daily-swig/six-year-old-blind-ssrf-vulnerability-in-wordpress-core-feature-could-enable-ddos-attacks
Thread Starter GIANNISCFA
(@gianniscfa)

1 year ago
there is not afix for that? why cpanel thinks still my wordpress is vulnerable?

Moderator note: Please, No bumping

https://ww.wp.xz.cn/support/guidelines/#do-not-bump-posts”
- This reply was modified 1 year ago by Steven Stern (sterndata).

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘*URGENT* WordPress <= 6.1.1 – Unauth. Blind SSRF vulnerability’ is closed to new replies.

In: Installing WordPress
2 replies
2 participants
Last reply from: GIANNISCFA
Last activity: 1 year ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics