Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites
The article describes an application-level DoS (Denial of Service) flaw found in WordPress that could allow anyone to take down a website from a single machine, something that was otherwise only possible with a network-level DDoS. The company has yet to patch it, and most probably all WordPress releases from the last 9 years are subject to this attack. As per the article, the vulnerability was ‘Discovered by Israeli security researcher Barak Tawily, the vulnerability resides in the way “load-scripts.php,” a built-in script in WordPress CMS, processes user-defined requests.’ This is surprising because the load-scripts.php file is essentially used by system administrators to improve the performance of their systems.
Because the home page lacks authentication, load-scripts.php can be executed by anyone. All one needs to do is call the PHP file and have it load all the JavaScript files by passing them in the URL.
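
For site owners waiting on a fix, one way to spot this pattern in web server access logs is sketched below. It is an added example, not code from the article or from WordPress: it counts how many script names each request passes to load-scripts.php through the `load[]` query parameter and reports clients that repeatedly send oversized lists. The thresholds, the combined log format and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Client IP and request target from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')


def count_handles(target):
    """Number of script handles a request asks load-scripts.php to concatenate."""
    parts = urlsplit(target)
    if not parts.path.endswith("/load-scripts.php"):
        return 0
    total = 0
    # parse_qsl percent-decodes keys, so load%5B%5D arrives here as load[].
    for key, value in parse_qsl(parts.query):
        if key == "load" or key.startswith("load["):
            total += sum(1 for handle in value.split(",") if handle)
    return total


def suspicious_clients(lines, max_handles=50, min_hits=3):
    """Map client IP -> count of oversized requests, for IPs with >= min_hits.

    max_handles and min_hits are assumed thresholds; tune them to your site.
    """
    hits = Counter()
    for line in lines:
        match = REQUEST_RE.match(line)
        if match and count_handles(match.group(2)) > max_handles:
            hits[match.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}


def _line(ip, target):
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512 "-" "-"'


# Constructed sample log: documentation-range IPs, made-up handle names.
_BIG = "/wp-admin/load-scripts.php?c=1&load%5B%5D=" + ",".join(f"handle{i}" for i in range(180))
SAMPLE_LOG = (
    [_line("203.0.113.7", "/wp-admin/load-scripts.php?c=1&load%5B%5D=handle1,handle2,handle3")]
    + [_line("198.51.100.9", _BIG)] * 4   # repeated oversized requests
    + [_line("192.0.2.5", _BIG)]          # a single oversized request
    + [_line("203.0.113.7", "/index.php")]
)

if __name__ == "__main__":
    for ip, n in suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip}: {n} oversized load-scripts.php requests")
```

The reported addresses are candidates for rate limiting or for restricting access to load-scripts.php at the web server or WAF.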