CVE-2016-4029

WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.

Date published : 2016-08-07

http://codex.wordpress.org/Version_4.5

http://www.debian.org/security/2016/dsa-3681