CVE-2016-4029
Publication date 7 August 2016
Last updated 26 August 2025
Ubuntu priority
Cvss 3 Severity Score
Description
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| wordpress | 26.04 LTS resolute |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Ignored end of standard support, was needed | |
| 14.04 LTS trusty | Not in release | |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
8.6 · High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N