Description
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
Remediation
References