7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
wordpress is vulnerable to denial of service. The vulnerability exists in because an unauthenticated attacker is able to crash the application by submitting a large list of registered .js
files to cause each file to be loaded multiple times, leading to excessive resource consumption.
CPE | Name | Operator | Version |
---|---|---|---|
johnpbloch/wordpress | le | 5.4.2 | |
johnpbloch/wordpress-core | le | 5.4.2 | |
johnpbloch/wordpress | le | 5.4.2 | |
johnpbloch/wordpress-core | le | 5.4.2 |
www.securityfocus.com/bid/103060
www.securitytracker.com/id/1040347
baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
core.trac.wordpress.org/ticket/43308
github.com/UltimateHackers/Shiva
github.com/WazeHell/CVE-2018-6389
github.com/WordPress/WordPress/commit/24f0d521eaf9572e61dfac750eeca88af0a1dd46
github.com/WordPress/WordPress/commit/9de6b3acac8432e32e21d05c154e50904f88a393
github.com/WordPress/WordPress/pull/343
thehackernews.com/2018/02/wordpress-dos-exploit.html
wpvulndb.com/vulnerabilities/9021
www.exploit-db.com/exploits/43968/
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P