Description

WordPress is prone to a Denial of Service vulnerability which can be exploited by malicious people to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. WordPress versions prior to 3.7.4, 3.8.4 and 3.9.2 are vulnerable.

Remediation

Update to WordPress version 3.7.4, 3.8.4, 3.9.2 or latest

References

http://www.breaksec.com/?p=6362

http://codex.wordpress.org/Version_3.7.4

http://codex.wordpress.org/Version_3.8.4

http://codex.wordpress.org/Version_3.9.2

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Zoom Magnifier Security Bypass (1.3.11)

WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Upload (2.4.1)

WordPress Plugin Q and A FAQ and Knowledge Base for WordPress Multiple SQL Injection Vulnerabilities (1.0.6.2)

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve Your SEO Rankings Cross-Site Scripting (2.2.2)

WordPress Plugin Hotjar Connecticator Cross-Site Scripting (1.1.1)

Severity

High

Classification

CVE-2014-5265 CWE-399 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Tags

Missing Update Denial Of Service