High severity8.6OSV Advisory· Published Aug 7, 2016· Updated Jun 17, 2026
CVE-2016-4029
CVE-2016-4029
Description
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4(expand)+ 2 more
- (no CPE)
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <4.5
- (no CPE)range: <4.5
Patches
Vulnerability mechanics
References
5- core.trac.wordpress.org/querynvdPatch
- www.securitytracker.com/id/1036594nvdBroken LinkThird Party AdvisoryVDB Entry
- codex.wordpress.org/Version_4.5nvdRelease Notes
- www.debian.org/security/2016/dsa-3681nvdMailing List
- wpvulndb.com/vulnerabilities/8473nvdBroken Link
News mentions
0No linked articles in our index yet.