Description

WordPress is prone to a vulnerability which can be exploited by malicious people to cause a Denial of Service. The vulnerability is caused due to the 'wp-register.php' script against which attackers can trigger repeated registration to cause a high CPU load, potentially resulting in a Denial of Service. WordPress versions 2.0.1 and prior are all vulnerable.

Remediation

Update to WordPress version 2.0.2 or latest

References

http://www.securityfocus.com/archive/1/427152/30/0/threaded

http://packetstormsecurity.org/files/44497/HYSA-2006-005.txt

http://www.securiteam.com/exploits/5NP062KI0C.html

Related Vulnerabilities

WordPress Plugin FunCaptcha-Anti-Spam CAPTCHA Multiple Cross-Site Scripting Vulnerabilities (0.4.3)

WordPress Plugin Scoutnet Kalender Cross-Site Scripting (1.1.0)

WordPress Plugin YITH Color and Label Variations for WooCommerce Security Bypass (1.8.11)

WordPress Plugin Adavnced Video embed Local File Inclusion (1.0)

WordPress Plugin LeagueManager SQL Injection (3.8)

Severity

High

Classification

CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Denial Of Service