CVE-2022-3590
WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
We have discovered 3,568,724 live websites that are affected by CVE-2022-3590.
Affected Software
| Product |  WordPress |
| Category | Content Management System |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 780 |
| Vulnerable Domains | 3,568,724 live websites (31.31% of WordPress install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-3590 and the relative popularity of websitesDetails
- Published - Dec 14, 2022
- Updated - Jan 10, 2023
Credits
- Thomas Chauchefoin (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
Countries
 United States | 800,135 websites |
 Germany | 324,437 websites |
 Japan | 277,751 websites |
 France | 206,248 websites |
 Italy | 176,883 websites |
 GB | 157,773 websites |
 Russia | 134,328 websites |
 Netherlands | 120,817 websites |
 Poland | 115,990 websites |
 Spain | 108,295 websites |
TLDs
| .com | 1,442,825 websites |
| .de | 205,922 websites |
| .org | 142,087 websites |
| .it | 116,018 websites |
| .ru | 108,553 websites |
| .net | 106,074 websites |
| .nl | 97,618 websites |
| .co.uk | 92,831 websites |
| .pl | 85,845 websites |
| .fr | 82,758 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2022-3590 through included software libraries and plugins.References
- https://wpscan.com/vulnerability/c8814e6e-78b3-4f63-a1d3-6906a84c1f11
- https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/
Websites affected by CVE-2022-3590
Top websites that are affected by CVE-2022-3590. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.org |  Singapore | *** | |
| ***.*****************.com | United States | *** | |
| ****.br |  Brazil | *** | |
| ****.******.com | Singapore | *** | |
| ***.**********.com | United States | *** | |
| ***.*********.com | Germany | *** | |
| *******.******.com | United States | *** | |
| ***.*******.com |  Turkey | *** | |
| ****.*****.net | United States | *** | |
| ***.*********.com | United States | *** |