Description
WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wordpress Picture/Portfolio/Media Gallery Server-Side Request Forgery (3.0.1)
Internet Information Services Other Vulnerability (CVE-2000-0126)
TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2017-6370)
PHP Integer Overflow or Wraparound Vulnerability (CVE-2018-14883)
WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress SQL Injection (1.5.51)