Description
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Photo Gallery Remote Code Execution (1.0)
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Directory Traversal (2.4.19)
WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (4.0.9)
WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll SQL Injection (1.1.91)
YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4117)