Description

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.

Remediation

References

CVE-2013-2173

Related Vulnerabilities

WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Arbitrary File Upload (1.35.0)

WordPress Plugin Ecommerce-Two Factor Authentication Cross-Site Scripting (1.0.4)

Piwigo Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2021-40553)

Ruby Improper Authentication Vulnerability (CVE-2019-16201)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.23)

Severity

Medium

Classification

CVE-2013-2173

Tags

Missing Update Known Vulnerabilities