CVE-2018-6389

CVE-2018-6389 PUBLISHED

In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

EPSS 87.48% · 99.5th percentile

Affected Products

Vendor            Product    Versions
Ubuntu:18.04:LTS  wordpress  0, *, 4.9.5+dfsg1-1
Ubuntu:22.04:LTS  wordpress  *, 0, 5.7.1+dfsg1-2ubuntu1
Ubuntu:20.04:LTS  wordpress  5.2.2+dfsg1-1, 0, *
Ubuntu:24.04:LTS  wordpress  6.2+dfsg1-1ubuntu1, 0, *
Ubuntu:25.10      wordpress  0, 6.7.2+dfsg1-1.1ubuntu1
Ubuntu:16.04:LTS  wordpress  4.3.1+dfsg-1, 0, 4.4.1+dfsg-1

Timeline

  • CVE Published
  • Feb 5, 2018 PoC Published
  • Jan 8, 2020 PoC Published
  • Jan 9, 2020 PoC Published
  • Jan 17, 2020 PoC Published
  • Feb 18, 2020 PoC Published
  • Feb 29, 2020 PoC Published
  • Mar 19, 2020 PoC Published
  • Apr 2, 2020 PoC Published
  • Apr 14, 2021 EPSS Score
  • May 7, 2021 PoC Published
  • Aug 18, 2021 PoC Published