Hello, Upon a new installation of WordPress via the WPTK, an email is sent out to new customers (see attached). This is for WordPress <= 6.2 - Unauth. Blind SSRF vulnerability. We already disabled POST requests to the xmlrpc.php server-wide. Is there a way to skip this initial vulnerability email to new customers or execute something so they don't get this? It's making new customers nervous out of the gate with their WordPress installation. These emails are important, so I don't want to disable them for current customers; it's just this problem with new customers and a brand-new install of WordPress. Thanks.
Please sign in to leave a comment.