Description
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
Remediation
References
Related Vulnerabilities
CrushFTP Server Improper Validation of Integrity Check Value Vulnerability (CVE-2023-48795)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1836)
WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.10)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-9585)