Description
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
Remediation
References
Related Vulnerabilities
WordPress Plugin Conditional Marketing Mailer for WooCommerce Security Bypass (1.5.1)
WebLogic CVE-2021-2376 Vulnerability (CVE-2021-2376)
WordPress Plugin Twitter Friends Widget Cross-Site Scripting (3.1)
WordPress Plugin Powie's WHOIS Domain Check Cross-Site Scripting (0.9.31)
Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9)