7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.371 Low
EPSS
Percentile
97.2%
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of
service (resource consumption) by using the large list of registered .js
files (from wp-includes/script-loader.php) to construct a series of
requests to load every file many times.
baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
launchpad.net/bugs/cve/CVE-2018-6389
nvd.nist.gov/vuln/detail/CVE-2018-6389
security-tracker.debian.org/tracker/CVE-2018-6389
thehackernews.com/2018/02/wordpress-dos-exploit.html
wpvulndb.com/vulnerabilities/9021
www.cve.org/CVERecord?id=CVE-2018-6389
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.371 Low
EPSS
Percentile
97.2%