WordPress <= 6.1.1 – Unauthenticated Blind SSRF via DNS Rebinding

• 

  olxpracaofficial · Member · Mar 21, 2023 at 6:20 pm

  • Copy link
  • Add topic to favorites

  We are experiencing the “WP <= 6.1.1 – Unauthenticated Blind SSRF via DNS Rebinding” issue in WordPress version 6.1.1 on my website OlxPraca.com, it means that there is a security vulnerability in the software that allows an attacker to carry out a blind Server-Side Request Forgery (SSRF) attack using DNS rebinding techniques. This vulnerability can be exploited by an attacker to access internal systems or services that are normally protected from external access. Please tell me the possible solutions for this problem/error.
  Thanks.

  The blog I need help with is: (visible only to logged in users)

• 

  staartmees · Member · Mar 21, 2023 at 6:27 pm

  • Copy link

  There is no need to create multiple duplicate threads. These forums are for sites running on the wordpress.com platform, not for sites using the open source wordpress.org.

  This isn’t a critical error, just wait for the upcoming update.

• 

  olxpracaofficial · Member · Mar 21, 2023 at 6:29 pm

  • Copy link

  Thanks for your reply. Okay I’ll wait.

• 

  staff-totoro · Staff · Mar 21, 2023 at 10:28 pm

  • Copy link

  Hi there,

  Hi there,

  Apologies, but we can’t help with your issue directly because we don’t host olxpraca.com on our WordPress.com managed hosting.

  To explain, we are a fully managed hosting provider and use a custom server environment that is optimized for WordPress, provides built-in security and performance improvements, as well as in-house support for your site questions.

  Because of the way we’ve optimized our service, we also use a customized version of WordPress that is different (under the hood) from what you use at your current provider. As a result, we do not have access to your site and are not familiar with the source of your issue.

  You definitely have the option to move your site to us so we can provide in-house help, but as it stands now, we cannot help since it is hosted elsewhere. The good news is that help is available here at the open-source WordPress forums: https://wordpress.org/support/forum/how-to-and-troubleshooting/

  The folks in that forum are more familiar with these kinds of issues and are in the best position to help. Thanks!