Description
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
Remediation
Upgrade WordPress to version 3.1.1 or later.