CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2014-9038 — MEDIUM severity vulnerability | Release Alert
CVE-2014-9038
6.4
MEDIUMCVSS v2
Published
November 25, 2014
Affected
3 projects
Assigned by
MITRE
Severity scale
010
Description
wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.
GitHubWordPress, Git-ified. This repository is just a mirror of the WordPress subversion repository. Please do not send pull requests. Submit pull requests to https://github.com/WordPress/wordpress-develop and patches to https://core.trac.wordpress.org/ instead.
RubyGemsThe Wordpress gem provides posting to a Wordpress.com blog or a self hosted wordpress by providing your username, password, login url(if you host your blog) and your blog content. With this gem, you have access to add a text entry on Wordpress blog by providing these options: title text, body text, and a tag array. You must include at least title text or body text with your post.
Posting images with posts, posting only images and pulling down your posts will be available very soon.