ID CVE-2018-6389
Summary In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
References
Vulnerable Configurations
  • WordPress 4.9.2
    cpe:2.3:a:wordpress:wordpress:4.9.2
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-399
CAPEC
exploit-db via4
description WordPress Core - 'load-scripts.php' Denial of Service. CVE-2018-6389. Dos exploit for PHP platform. Tags: WordPress Core
file exploits/php/dos/43968.py
id EDB-ID:43968
last seen 2018-02-05
modified 2018-02-05
platform php
port
published 2018-02-05
reporter Exploit-DB
source https://www.exploit-db.com/download/43968/
title WordPress Core - 'load-scripts.php' Denial of Service
type dos
packetstorm via4
refmap via4
bid 103060
misc
sectrack 1040347
the hacker news via4
id THN:4C1AA050916A4EAA3D2C993C0287B604
last seen 2018-02-05
modified 2018-02-05
published 2018-02-05
reporter Mohit Kumar
source https://thehackernews.com/2018/02/wordpress-dos-exploit.html
title Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites
Last major update 06-02-2018 - 12:29
Published 06-02-2018 - 12:29
Last modified 05-03-2018 - 21:29
Back to Top