WordPress – CVE-2018-6389 (DOS)

Description

During the scan, Cytrix found the WordPress denial-of-service (DoS) vulnerability CVE-2018-6389. An exploit for CVE-2018-6389 can take down any WordPress site running a version below 4.9.3.
The flaw affects the WordPress script load-scripts.php, which receives a parameter called load[].

In WordPress through version 4.9.2, attackers could cause a denial of service (DoS) by using the large list of registered .js files (from wp-includes/script-loader.php) to conduct a series of requests that load every file multiple times.

Severity/Score

CVSS Version 3.x – 7.5 High

Recommendation

In order to mitigate this vulnerability, implement rate-limiting.
Limit the number of requests each user can make in a given period of time.
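
The sketch below is an added example, not code from Cytrix or WordPress. It models the recommended per-client limit on load-scripts.php requests by replaying access-log lines through a sliding window, and also caps the length of the load[] list. The thresholds, the `_line` helper and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import parse_qsl, urlsplit

# Assumed policy values for illustration; tune them to the site's real traffic.
MAX_REQUESTS = 3      # load-scripts.php requests allowed per client per window
WINDOW_SECONDS = 10
MAX_HANDLES = 20      # script handles allowed in a single load[] list

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')

def count_handles(url):
    """Count the comma-separated script handles passed in load[] (or load)."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return sum(len([h for h in value.split(",") if h])
               for key, value in pairs if key in ("load[]", "load"))

def review(lines):
    """Return (client, timestamp, reason) for every request the policy refuses."""
    recent = defaultdict(deque)   # client -> times of accepted requests
    refused = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not urlsplit(m.group(3)).path.endswith("/load-scripts.php"):
            continue
        client, stamp, url = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        window = recent[client]
        while window and (when - window[0]).total_seconds() >= WINDOW_SECONDS:
            window.popleft()      # forget requests that left the window
        if count_handles(url) > MAX_HANDLES:
            refused.append((client, stamp, "too many handles"))
        elif len(window) >= MAX_REQUESTS:
            refused.append((client, stamp, "rate limit"))
        else:
            window.append(when)
    return refused

def _line(client, second, handles="jquery-core,jquery-migrate"):
    # Constructed access-log line in common log format (not real traffic).
    return (f'{client} - - [05/Feb/2018:10:00:{second:02d} +0000] '
            f'"GET /wp-admin/load-scripts.php?load%5B%5D={handles} HTTP/1.1" 200 512')

SAMPLE_LOG = [_line("203.0.113.7", s) for s in (0, 1, 2, 3)] + [
    _line("198.51.100.4", 3),
    _line("203.0.113.7", 12),
    _line("198.51.100.9", 13, ",".join(f"h{i}" for i in range(25))),
]
```

In production the same policy is normally enforced at the web server, reverse proxy or WAF in front of WordPress; replaying real logs through `review` first shows which thresholds would refuse legitimate clients.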

References

https://cwe.mitre.org/data/definitions/400.html
