Description

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.

Remediation

References

CVE-2013-2173

Related Vulnerabilities

WordPress Plugin Answer My Question Multiple Cross-Site Scripting Vulnerabilities (1.1)

OpenSSL Improper Certificate Validation Vulnerability (CVE-2021-3450)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Multiple SQL Injection Vulnerabilities (4.4.2)

WordPress Plugin Simple Custom CSS and JS Cross-Site Scripting (3.3)

WordPress Plugin Smooth Scroll Page Up/Down Buttons Cross-Site Scripting (1.3)

Severity

Medium

Classification

CVE-2013-2173

Tags

Missing Update Known Vulnerabilities