• WordPress is prone to a Denial of Service vulnerability which can be exploited by malicious people to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. WordPress versions 4.0.x ranging from 4.0 and up to (and including) 4.0.22 are vulnerable.

• Evaluate and apply the suggested patch

• • https://baraktawily.blogspot.ro/2018/02/how-to-dos-29-of-world-wide-websites.html
  • https://www.youtube.com/watch?v=nNDsGTalXS0
  • https://github.com/Quitten/WordPress/blob/master/wp-dos-patch.sh
  • https://www.exploit-db.com/exploits/43968/
  • https://packetstormsecurity.com/files/146249/WordPress-Core-Denial-Of-Service.html
  • https://www.rastating.com/protecting-wordpress-against-cve-2018-6389/

• 

• CVE-2018-6389

• CWE-400

• Missing Update Denial Of Service

• WordPress Plugin Style It Cross-Site Scripting (1.0)
• WordPress Plugin Users Ultra Membership Cross-Site Scripting (1.5.78)
• WordPress Plugin Transposh WordPress Translation Cross-Site Scripting (0.8.3)
• WordPress Plugin Content Blocks (Custom Post Widget) Cross-Site Scripting (3.0)
• WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6)