WP <= 6.1.1 – Unauthenticated Blind SSRF via DNS Rebinding
On my website, fluentreport.com, we encounter a security concern called "WP <= 6.1.1 – Unauthenticated Blind SSRF via DNS Rebinding" in WordPress version 6.1.1. This vulnerability enables an attacker to carry out a blind Server-Side Request Forgery (SSRF) attack utilizing DNS rebinding techniques, allowing them to access internal systems or services typically secured from external access. Can you please provide me with possible solutions to address this issue? Thank you.
I checked the WordPress index.php and found a bunch of jargon code inside.
The .htaccess and index.php files were infected. I can't edit or delete them because they keep appearing repeatedly.
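
For context on the issue named in the title, this added example (not part of the original post and not WordPress code) shows why validating a hostname and then letting the HTTP client resolve it again is unsafe under DNS rebinding, and how resolving once and pinning the address closes the gap. The resolver class, function names, hostname and IP addresses are constructed for illustration.

```python
import ipaddress


class RebindingResolver:
    """Constructed stand-in for DNS whose answer changes between lookups (short TTL)."""

    def __init__(self, answers):
        self._answers = list(answers)
        self.lookups = 0

    def resolve(self, host):
        # Return the next scripted answer; repeat the last one when exhausted.
        answer = self._answers[min(self.lookups, len(self._answers) - 1)]
        self.lookups += 1
        return answer


def is_public(ip):
    """True only for globally routable addresses (rejects loopback, RFC 1918, link-local)."""
    return ipaddress.ip_address(ip).is_global


def check_then_fetch(host, resolver):
    """Weak pattern: validate one lookup, then let the HTTP client resolve again."""
    if not is_public(resolver.resolve(host)):
        raise ValueError("blocked: non-public address")
    # Second lookup models the client's own resolution: this is the address
    # the request really goes to, and it was never validated.
    return resolver.resolve(host)


def resolve_once_and_pin(host, resolver):
    """Hardened pattern: resolve once, validate, connect to that same address."""
    ip = resolver.resolve(host)
    if not is_public(ip):
        raise ValueError("blocked: non-public address")
    # Pass this IP to the HTTP client (for example via curl's CURLOPT_RESOLVE)
    # and keep the original Host header, so no second lookup can happen.
    return ip


if __name__ == "__main__":
    host = "rebind.example.test"  # constructed hostname
    answers = ["93.184.216.34", "127.0.0.1"]  # constructed: public first, loopback second
    print("check-then-fetch connects to:", check_then_fetch(host, RebindingResolver(answers)))
    print("pinned request connects to:  ", resolve_once_and_pin(host, RebindingResolver(answers)))
```
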