Description
The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.
Remediation
References
Related Vulnerabilities
PleskWin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-0132)
WordPress Plugin Product Addons & Fields for WooCommerce Arbitrary File Upload (1.1)
Django Improper Input Validation Vulnerability (CVE-2010-4535)
WordPress Plugin ClickDesk Live Support-Live Chat-Help Desk Cross-Site Scripting (4.2)