WordPress – CVE-2018-6389 (DOS)

Description

During the scan, Kayran found a WordPress Denial of Service (DoS) vulnerability, CVE-2018-6389. An exploit for CVE-2018-6389 can take down any WordPress site running a version below 4.9.3.
The flaw affects the WordPress script load-scripts.php, which receives a parameter called load[].

In WordPress through version 4.9.2, attackers can cause a denial of service (DoS) by using the large list of registered .js files (from wp-includes/script-loader.php) to conduct a series of requests that load every file multiple times.

Severity/Score

CVSS Version 3.x – 7.5 High

Recommendation

To mitigate this vulnerability, implement rate limiting: limit the number of requests each user can make in a given period of time.
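
To check whether a site is already seeing this pattern, the added example below (not Kayran's or WordPress's code) scans web-server access-log lines for clients that request load-scripts.php too often within a sliding window or that send an oversized load[] list. The thresholds, the Combined Log Format, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import parse_qsl, urlsplit

# Assumed thresholds (not from the advisory); tune to your site's normal traffic.
WINDOW_SECONDS = 10   # sliding window length
MAX_REQUESTS = 5      # load-scripts.php hits allowed per client per window
MAX_HANDLES = 30      # script handles allowed in one request's load[] list

# Combined Log Format: ip - - [time] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def handle_count(target):
    """Number of script handles requested through load[] (comma-separated)."""
    return sum(len([h for h in value.split(",") if h])
               for key, value in parse_qsl(urlsplit(target).query)
               if key in ("load[]", "load"))

def find_abusive_clients(lines):
    """Return {ip: [reasons]} for clients exceeding either threshold."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    flagged = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, stamp, target = m.groups()
        if not urlsplit(target).path.endswith("/load-scripts.php"):
            continue
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        window = recent[ip]
        window.append(ts)
        while ts - window[0] >= WINDOW_SECONDS:   # drop hits older than the window
            window.popleft()
        if len(window) > MAX_REQUESTS:
            flagged[ip].add("rate")
        if handle_count(target) > MAX_HANDLES:
            flagged[ip].add("oversized-load-list")
    return {ip: sorted(reasons) for ip, reasons in flagged.items()}

def sample_log():
    """Constructed access-log lines (documentation IP ranges), not real traffic."""
    fmt = '{ip} - - [12/Feb/2018:10:00:{s:02d} +0000] "GET /wp-admin/load-scripts.php?load%5B%5D={h} HTTP/1.1" 200 512'
    normal = [fmt.format(ip="198.51.100.7", s=s, h="jquery-core,jquery-migrate") for s in (1, 30)]
    burst = [fmt.format(ip="203.0.113.9", s=s, h="jquery-core") for s in range(10, 18)]
    big = [fmt.format(ip="203.0.113.50", s=40, h=",".join(f"handle{i}" for i in range(40)))]
    return normal + burst + big

if __name__ == "__main__":
    print(find_abusive_clients(sample_log()))
```

The same two limits (requests per client per window, handles per request) are the values to enforce at the web server or WAF once the log review shows what normal traffic looks like.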

References

https://cwe.mitre.org/data/definitions/400.html
