Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites
https://thehackernews.com/2018/02/wordpress-dos-exploit.html
According to the article “Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites”, a simple but serious application-level denial of service (DoS) vulnerability has been discovered in the WordPress CMS platform that could allow anyone to take down most WordPress websites. This vulnerability was discovered by an Israeli who is a security researcher at the Barak Waily blog website. He states that the vulnerability resides in the way “load-scripts.php,” a built-in script in WordPress CMS, processes user-defined requests. The load-scripts.php file was designed for admin users to help a website improve performance. However, there is a vulnerability in that a user can force load-scripts.php to get all possible JavaScript files from this user.
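For site operators, the load-scripts.php behaviour summarized above can be watched for in web server access logs. The following is an added example, not part of the original post or the linked article: it flags clients that request an unusually long list of script handles in one call, or that hit the script repeatedly. The combined log format, the thresholds, the sample lines, and the `load`/`load[]` query parameter name (WordPress's own, not stated in the post) are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Combined-log-format prefix: client IP, timestamp, then "METHOD target PROTO".
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
MAX_HANDLES = 20     # assumption: tune to what your admin pages legitimately request
MAX_HITS_PER_IP = 3  # assumption: requests per client within the log window

def handle_count(target):
    """Number of script handles requested from load-scripts.php, or None for other paths."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/load-scripts.php"):
        return None
    handles = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # Handles arrive comma-separated in load=... or (repeated) load[]=...
        if key == "load" or key.startswith("load["):
            handles += [h for h in value.split(",") if h]
    return len(handles)

def suspicious_clients(lines, max_handles=MAX_HANDLES, max_hits=MAX_HITS_PER_IP):
    """Return {client_ip: reason} for clients exceeding either threshold."""
    hits, flagged = Counter(), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target = m.groups()
        n = handle_count(target)
        if n is None:
            continue
        hits[ip] += 1
        if n > max_handles:
            flagged.setdefault(ip, f"{n} handles in one request")
        elif hits[ip] > max_hits:
            flagged.setdefault(ip, f"{hits[ip]} requests to load-scripts.php")
    return flagged

# Constructed sample log lines (documentation IP ranges, placeholder handle names).
_TS = '- - [05/Feb/2018:10:00:00 +0000]'
_MANY = ",".join(f"handle{i}" for i in range(25))
SAMPLE_LOG = [
    f'192.0.2.10 {_TS} "GET /wp-admin/load-scripts.php?c=1&load%5B%5D=jquery,utils HTTP/1.1" 200 512',
    f'203.0.113.7 {_TS} "GET /wp-admin/load-scripts.php?c=1&load%5B%5D={_MANY} HTTP/1.1" 200 90000',
    f'192.0.2.10 {_TS} "GET /index.php HTTP/1.1" 200 1024',
] + [f'198.51.100.9 {_TS} "GET /wp-admin/load-scripts.php?load=jquery HTTP/1.1" 200 300'] * 4

if __name__ == "__main__":
    for ip, reason in suspicious_clients(SAMPLE_LOG).items():
        print(ip, reason)
```

Flagged clients are candidates for rate limiting or for restricting `/wp-admin/load-scripts.php` to authenticated or trusted sources at the web server or WAF.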
Donald Hoxhaj says
Shi,
Nice summary of the article. I am quite surprised that WordPress allows execution of the PHP file at run time by changing the parameters. A similar kind of flaw was witnessed a couple of years back when users could potentially change variable parameters of images in WordPress sites and identify information of websites without security logins. The patch needs to be done as soon as possible before it affects users. I am pretty sure a large percentage of SMBs use WordPress for their business needs.