{"id":704,"date":"2023-04-01T21:17:35","date_gmt":"2023-04-01T19:17:35","guid":{"rendered":"https:\/\/lukas.kurth.rocks\/blog\/?p=704"},"modified":"2023-04-01T21:55:00","modified_gmt":"2023-04-01T19:55:00","slug":"was-ist-denn-da-aktuell-mit-wp-los","status":"publish","type":"post","link":"https:\/\/lukas.kurth.rocks\/blog\/2023\/04\/01\/was-ist-denn-da-aktuell-mit-wp-los\/","title":{"rendered":"What's currently going on with WP?"},"content":{"rendered":"\n<p>Not a big post; this has just been open for a while and there was a small hope that it would finally be fixed with 6.2. Apparently not. WP tools have been complaining about an &#8220;SSRF vulnerability&#8221; for some time now.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/lukas.kurth.rocks\/blog\/wp-content\/uploads\/grafik-2.png\"><img loading=\"lazy\" decoding=\"async\" width=\"866\" height=\"264\" src=\"https:\/\/lukas.kurth.rocks\/blog\/wp-content\/uploads\/grafik-2.png\" alt=\"\" class=\"wp-image-705\" srcset=\"https:\/\/lukas.kurth.rocks\/blog\/wp-content\/uploads\/grafik-2.png 866w, https:\/\/lukas.kurth.rocks\/blog\/wp-content\/uploads\/grafik-2-300x91.png 300w, https:\/\/lukas.kurth.rocks\/blog\/wp-content\/uploads\/grafik-2-768x234.png 768w, https:\/\/lukas.kurth.rocks\/blog\/wp-content\/uploads\/grafik-2-770x235.png 770w\" sizes=\"auto, (max-width: 866px) 100vw, 866px\" \/><\/a><\/figure>\n\n\n\n<p><a href=\"https:\/\/patchstack.com\/database\/vulnerability\/wordpress\/wordpress-6-1-1-unauth-blind-ssrf-vulnerability?_a_id=110\">PatchStack<\/a> already has it on its list.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/lukas.kurth.rocks\/blog\/wp-content\/uploads\/grafik-3.png\"><img loading=\"lazy\" decoding=\"async\" width=\"864\" height=\"255\" src=\"https:\/\/lukas.kurth.rocks\/blog\/wp-content\/uploads\/grafik-3.png\" alt=\"\" class=\"wp-image-706\" 
srcset=\"https:\/\/lukas.kurth.rocks\/blog\/wp-content\/uploads\/grafik-3.png 864w, https:\/\/lukas.kurth.rocks\/blog\/wp-content\/uploads\/grafik-3-300x89.png 300w, https:\/\/lukas.kurth.rocks\/blog\/wp-content\/uploads\/grafik-3-768x227.png 768w, https:\/\/lukas.kurth.rocks\/blog\/wp-content\/uploads\/grafik-3-770x227.png 770w\" sizes=\"auto, (max-width: 864px) 100vw, 864px\" \/><\/a><\/figure>\n\n\n\n<p>Explanation there: &#8220;Simon Scannell &amp; Thomas Chauchefoin discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability has not been known to be fixed yet.&#8221;<\/p>\n\n\n\n<p>Well, according to the forums it has to do with WordPress's pingback functionality, so that is disabled on my site. I would also like to get rid of the warning, but you can't have everything.<\/p>\n\n\n\n<p>Let's see when this gets &#8220;fixed&#8221;.<\/p>\n\n\n\n<p>Plugins have bugs too, but those are not a problem, since they are deactivated\/replaced.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Not a big post; this has just been open for a while and there was a small hope that it would finally be fixed with 6.2. Apparently not. WP tools have been complaining about an &#8220;SSRF vulnerability&#8221; for some time now. PatchStack already has it on its list. 
Explanation there: &#8220;Simon Scannell &amp; Thomas Chauchefoin discovered and reported this Server Side [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,3,5,8,387],"tags":[422,420,421,419],"class_list":["post-704","post","type-post","status-publish","format-standard","hentry","category-allgemein","category-domain","category-it","category-probleme","category-watching","tag-pingback","tag-ssrf","tag-vulnerability","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/lukas.kurth.rocks\/blog\/wp-json\/wp\/v2\/posts\/704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lukas.kurth.rocks\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lukas.kurth.rocks\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lukas.kurth.rocks\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lukas.kurth.rocks\/blog\/wp-json\/wp\/v2\/comments?post=704"}],"version-history":[{"count":1,"href":"https:\/\/lukas.kurth.rocks\/blog\/wp-json\/wp\/v2\/posts\/704\/revisions"}],"predecessor-version":[{"id":707,"href":"https:\/\/lukas.kurth.rocks\/blog\/wp-json\/wp\/v2\/posts\/704\/revisions\/707"}],"wp:attachment":[{"href":"https:\/\/lukas.kurth.rocks\/blog\/wp-json\/wp\/v2\/media?parent=704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lukas.kurth.rocks\/blog\/wp-json\/wp\/v2\/categories?post=704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lukas.kurth.rocks\/blog\/wp-json\/wp\/v2\/tags?post=704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}