A new update to the WordPress open-source blogging and content management system (CMS) has been released that patches a pair of security vulnerabilities and includes 17 bug fixes that improve functionality.
One of the patched security vulnerabilities in Version 4.4.2 of WordPress was identified as a possible Server-Side Request Forgery (SSRF) vulnerability that can impact local addresses. The actual WordPress code commit that fixes the SSRF issue simply states that “0.1.2.3 is not a valid IP.”