WordPress – CVE-2018-6389 (DOS)


During the scan, Kayran managed to find WordPress – Denial of Service (DOS) CVE-2018-6389 vulnerability. CVE-2018-6389 Exploit Can take down any WordPress site under the 4.9.3 version.
This flaw affects the load-scripts.php WordPress script. It receives a parameter called load[] .

In WordPress, until version 4.9.2, attackers could cause a denial of service (DoS) by using the large list of registered .js files (from wp-includes/script-loader.php). Allowing them to conduct a series of requests that will load every file multiple times.


CVSS Version 3.x – 7.5 High


In order to mitigate this vulnerability, implement rate-limiting.
Limit the number of requests each user can make in a given period of time.



< Return to all Vulnerabilities

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 30,000+ vulnerabilities.Kayran’s mission is to make

Read More »