Description
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
Remediation
References
Related Vulnerabilities
WordPress Plugin Browser Screenshots Cross-Site Scripting (1.7.5)
WordPress Plugin Popup box SQL Injection (2.3.3)
Jboss EAP Improper Input Validation Vulnerability (CVE-2020-1757)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.10)
WordPress Plugin Sexy Add Template Cross-Site Request Forgery (1.0)