WordPress – CVE-2018-6389 (DOS)

Description

The CVE-2018-6389 exploit can take down any WordPress site running a version under 4.9.3.

The flaw affects the WordPress script load-scripts.php, which receives a parameter called load[].

Business Impact

In WordPress through 4.9.2, attackers can cause a denial of service by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file multiple times.

Recommendation

To mitigate this vulnerability, implement rate limiting: limit the number of requests a visitor can make in a given time period.
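The following is an added example, not code from WordPress or from the original page: a per-client sliding-window limiter for requests to load-scripts.php, run over constructed sample traffic. The window length, the request budget and the cap on handles per load[] request are assumed values, and the handle cap goes beyond the plain rate limit recommended above.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit, parse_qsl

WINDOW_SECONDS = 10  # assumed sliding window; tune per site
MAX_REQUESTS = 5     # assumed per-client budget of load-scripts.php hits per window
MAX_HANDLES = 20     # assumed ceiling on script handles in one load[] request

def count_handles(url):
    """Number of handles asked for via load[]; None if not load-scripts.php."""
    parts = urlsplit(url)
    if not parts.path.endswith("load-scripts.php"):
        return None
    total = 0
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "load" or key.startswith("load["):
            total += sum(1 for h in value.split(",") if h)
    return total

def evaluate(requests):
    """requests: (timestamp_s, client_ip, url) tuples in time order per client."""
    recent = defaultdict(deque)  # client_ip -> timestamps of allowed requests
    decisions = []
    for ts, ip, url in requests:
        handles = count_handles(url)
        if handles is None:
            decisions.append((ip, "pass"))  # not the affected script
            continue
        window = recent[ip]
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()  # forget hits that have left the window
        if handles > MAX_HANDLES:
            decisions.append((ip, "block:too-many-handles"))
        elif len(window) >= MAX_REQUESTS:
            decisions.append((ip, "block:rate-limit"))
        else:
            window.append(ts)
            decisions.append((ip, "allow"))
    return decisions

# Constructed sample traffic: documentation-range IPs, made-up handle names h0..h29.
NORMAL = "/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate,utils"
BULKY = "/wp-admin/load-scripts.php?load%5B%5D=" + ",".join(f"h{i}" for i in range(30))
SAMPLE = [(t * 0.5, "203.0.113.7", NORMAL) for t in range(8)]
SAMPLE += [(2.0, "198.51.100.4", NORMAL), (3.0, "198.51.100.4", BULKY),
           (3.5, "198.51.100.4", "/index.php")]

if __name__ == "__main__":
    for ip, decision in evaluate(SAMPLE):
        print(ip, decision)
```

In production the same policy is usually enforced at the reverse proxy or WAF in front of WordPress, so rejected requests never reach PHP.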

Reference

https://cwe.mitre.org/data/definitions/400.html