WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Denial of Service Vulnerability (3.5 - 3.6.1)

Description

WordPress is prone to a Denial of Service vulnerability which can be exploited by malicious people to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. WordPress versions prior to 3.7.4, 3.8.4 and 3.9.2 are vulnerable.

Remediation

Update to WordPress version 3.7.4, 3.8.4, 3.9.2 or latest

References

http://www.breaksec.com/?p=6362

http://codex.wordpress.org/Version_3.7.4

http://codex.wordpress.org/Version_3.8.4

http://codex.wordpress.org/Version_3.9.2

Related Vulnerabilities

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.16)

WordPress Plugin Client Invoicing by Sprout Invoices-Easy Estimates and Invoices for WordPress Security Bypass (9.3)

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19205)

WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92)

WordPress Plugin St-Daily-Tip Cross-Site Request Forgery (4.7)

Severity

High

Classification

CVE-2014-5265 CWE-399 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Denial Of Service