Description

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.

Remediation

References

CVE-2013-2173

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Gift Cards Premium Arbitrary File Upload (3.3.0)

WordPress Plugin YouTube Advanced by Embed Plus Cross-Site Scripting (5.3)

WordPress Plugin DW Question & Answer Security Bypass (1.2.9)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-28331)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3732)

Severity

Medium

Classification

CVE-2013-2173

Tags

Missing Update Known Vulnerabilities