• Hi everyone, my website contains this:

    WordPress <= 6.1.1 – Unauth. Blind SSRF vulnerability

    Can you advise if and when there will be a fix for this please?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    A CVE (tracking number) was recently issued for a long-standing DNS re-binding exploit (and with a CVE, the security plugins now toot it).
    It has a very low priority, since it relies on someone hijacking your server’s DNS resolver. You can find some details, and responses, at https://portswigger.net/daily-swig/six-year-old-blind-ssrf-vulnerability-in-wordpress-core-feature-could-enable-ddos-attacks

    Thread Starter mashoodkhan321

    (@mashoodkhan321)

    How can I fix this?

    desingshine

    (@desingshine)

    Good morning, I have exactly the same problem.
    And strange folders are being created in the root directory of the website.

    #WordPress <= 6.1.1 – Unauth. Blind SSRF vulnerability
    -Vulnerability type: Server Side Request Forgery (SSRF)
    -No Update Available

    What can I do to fix it?
    Thanks.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    @desingshine Please read my reply, above.

    4briang

    (@4briang)

    According to the post from @sterndata, it uses the pingback functionality of WordPress. So probably a good idea to uncheck pingbacks under /wp-admin/options-discussion.php. It seems like the security plugins should see that you’ve done this instead of just listing the vulnerability. I believe WPEngine is disabling the XMLRPC API, although it might be on on older installed sites. Also the original post has a filter to add to functions.php of your child theme that can turn off the pingback functionality globally. I believe this has been best practice since the vulnerability first came out.
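    The "filter in functions.php" approach mentioned above, written out as an added example (it is not code from this thread or from the linked article): it uses WordPress's own `xmlrpc_methods`, `wp_headers` and `pings_open` hooks to switch off pingbacks while leaving the rest of XML-RPC available, and shows the stricter `xmlrpc_enabled` kill switch as a commented-out option.

```php
<?php
// Added example: disable WordPress pingbacks in code, from a child theme's
// functions.php or a small must-use plugin. This complements the
// "Allow link notifications from other blogs" checkbox under
// Settings > Discussion, which only changes the default for new posts.

// 1. Remove the pingback XML-RPC methods so xmlrpc.php no longer
//    accepts pingback.ping, the request the SSRF reports refer to.
add_filter( 'xmlrpc_methods', function ( array $methods ): array {
    unset( $methods['pingback.ping'] );
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// 2. Stop advertising the endpoint: drop the X-Pingback response header.
add_filter( 'wp_headers', function ( array $headers ): array {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// 3. Treat pings as closed on every post, including existing ones whose
//    per-post "Allow pingbacks" setting is still enabled.
add_filter( 'pings_open', '__return_false', 20 );

// 4. Optional, stricter: refuse XML-RPC entirely. Only do this if nothing
//    on the site depends on it (Jetpack and the mobile apps do).
// add_filter( 'xmlrpc_enabled', '__return_false' );
```

    Placing the file in wp-content/mu-plugins/ keeps it active across theme switches; a quick check afterwards is that a GET to /xmlrpc.php?rsd still responds but the X-Pingback header is gone from normal page responses.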

    desingshine

    (@desingshine)

    I'll give it a try, thank you very much 4briang!

  • The topic ‘WordPress <= 6.1.1 – Unauth. Blind SSRF vulnerability’ is closed to new replies.