Description
The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.
Remediation
References
Related Vulnerabilities
WordPress Plugin SiteGround Security Security Bypass (1.2.5)
WordPress Plugin Powerplay Gallery 'upload.php' Arbitrary File Upload (3.2)
WordPress Plugin Favicon by RealFaviconGenerator Unspecified Vulnerability (1.2.13)
WordPress Plugin WordPress Email Template Designer-WP HTML Mail Cross-Site Request Forgery (3.0.6)