WordPress – CVE-2018-6389 (DOS)

Description

During the scan, Kayran found the WordPress Denial of Service (DoS) vulnerability CVE-2018-6389. An exploit for CVE-2018-6389 can take down any WordPress site running a version under 4.9.3.
This flaw affects the load-scripts.php WordPress script, which receives a parameter called load[].

In WordPress, until version 4.9.2, attackers could cause a denial of service (DoS) by using the large list of registered .js files (from wp-includes/script-loader.php), which allows them to conduct a series of requests that load every file multiple times.

Recommendation

In order to mitigate this vulnerability, implement rate-limiting.
Limit the number of requests each user can make in a given period of time.
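
One way to apply the per-client limit recommended above, shown as an added example that is not Kayran's or WordPress's own code: a sliding-window limiter replayed over constructed access-log lines for load-scripts.php. The combined log format, the /wp-admin/ request path, the thresholds (5 requests per 10 seconds) and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

TARGET = "/wp-admin/load-scripts.php"  # assumed request path of the script
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')

def parse_line(line):
    """Return (ip, timestamp, handle_count) for a load-scripts.php hit, else None."""
    m = LOG_RE.match(line)
    if not m or urlsplit(m.group(3)).path != TARGET:
        return None
    ip, ts, url = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    # load[] holds a comma-separated list of script handles.
    values = parse_qs(urlsplit(url).query).get("load[]", [])
    handles = [h for v in values for h in v.split(",") if h]
    return ip, when, len(handles)

def rate_limit(lines, max_requests=5, window=timedelta(seconds=10)):
    """Sliding-window limit per client; returns {ip: {"rejected", "max_handles"}}."""
    recent = defaultdict(deque)  # ip -> timestamps of accepted requests
    stats = defaultdict(lambda: {"rejected": 0, "max_handles": 0})
    for line in lines:
        hit = parse_line(line)
        if hit is None:
            continue
        ip, when, handle_count = hit
        stats[ip]["max_handles"] = max(stats[ip]["max_handles"], handle_count)
        q = recent[ip]
        while q and when - q[0] >= window:
            q.popleft()  # forget requests that have left the window
        if len(q) >= max_requests:
            stats[ip]["rejected"] += 1  # a live limiter would answer HTTP 429 here
        else:
            q.append(when)
    return dict(stats)

def sample_log():
    """Constructed log lines: 203.0.113.7 floods, 198.51.100.20 behaves normally."""
    fmt = '{} - - [10/Feb/2018:12:00:{:02d} +0000] "GET {} HTTP/1.1" 200 512'
    url = TARGET + "?load%5B%5D=jquery,utils,editor"
    lines = [fmt.format("203.0.113.7", i // 2, url) for i in range(12)]
    lines += [fmt.format("198.51.100.20", s, url) for s in (1, 30)]
    return lines + [fmt.format("198.51.100.20", 31, "/index.php")]

if __name__ == "__main__":
    print(rate_limit(sample_log()))
```

Clients with a non-zero `rejected` count exceeded the limit; in production the same window logic belongs in the web server, reverse proxy or WAF in front of WordPress so rejected requests never reach PHP.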

References

https://cwe.mitre.org/data/definitions/400.html
