CVE-2019-17669

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt