Description
During the scan, Cytrix found the WordPress Denial of Service (DoS) vulnerability CVE-2018-6389. An exploit for CVE-2018-6389 can take down any WordPress site running a version below 4.9.3.
This flaw affects the WordPress script load-scripts.php, which receives a parameter called load[].
In WordPress up to version 4.9.2, attackers could cause a denial of service (DoS) by using the large list of registered .js files (from wp-includes/script-loader.php) to conduct a series of requests that load every file multiple times.
Severity/Score
CVSS Version 3.x – 7.5 High
Recommendation
In order to mitigate this vulnerability, implement rate-limiting.
Limit the number of requests each user can make in a given period of time.
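
The per-client limit recommended above, sketched as an added example that is not part of the original Cytrix page: it replays access log lines through a sliding-window limiter scoped to load-scripts.php and reports which clients would have been refused. The thresholds, the common/combined log format and the sample lines are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAX_REQUESTS = 5      # assumed limit: load-scripts.php hits per client...
WINDOW_SECONDS = 10   # ...inside this sliding window (tune per site)

# Client IP, timestamp and request target of a common/combined log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+)')

def over_limit(lines, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS):
    """Return {client_ip: refused_count} for load-scripts.php requests
    that a per-client sliding-window limiter would have refused."""
    accepted = defaultdict(deque)   # ip -> timestamps of accepted hits
    refused = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                # unparseable line, ignore
        ip, stamp, target = m.groups()
        if not target.split("?", 1)[0].endswith("/load-scripts.php"):
            continue                # only the affected script is limited
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        hits = accepted[ip]
        while hits and ts - hits[0] >= window:
            hits.popleft()          # expire hits that left the window
        if len(hits) >= max_requests:
            refused[ip] += 1        # a live limiter would return 429 here
        else:
            hits.append(ts)
    return dict(refused)

def sample_line(ip, second, path="/wp-admin/load-scripts.php?load[]=jquery,editor"):
    # Constructed log line for the demo, not captured traffic.
    return (f'{ip} - - [01/Jan/2024:12:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512')

# Constructed sample: one client bursts 8 requests in 8 seconds,
# another makes 2 requests 30 seconds apart.
SAMPLE_LOG = (
    [sample_line("203.0.113.7", s) for s in range(8)]
    + [sample_line("203.0.113.7", 8, path="/index.php")]
    + [sample_line("198.51.100.4", 0), sample_line("198.51.100.4", 30)]
)

if __name__ == "__main__":
    print(over_limit(SAMPLE_LOG))
```

Refused requests are not counted toward the window here, so a client recovers as soon as its accepted hits age out; the same counting can be enforced at the web server or reverse proxy in front of WordPress.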