CVE-2018-6389 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2018-6389?

CVE-2018-6389 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-6389?

Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.

Vulnerability Description

In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wordpress	Wordpress	<= 4.9.2

Related Weaknesses (CWE)

CWE-400

References

http://www.securityfocus.com/bid/103060Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040347Third Party AdvisoryVDB Entry
https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.htmExploitIssue TrackingThird Party Advisory
https://github.com/UltimateHackers/ShivaExploitThird Party Advisory
https://github.com/WazeHell/CVE-2018-6389Third Party Advisory
https://thehackernews.com/2018/02/wordpress-dos-exploit.htmlExploitThird Party Advisory
https://wpvulndb.com/vulnerabilities/9021Third Party Advisory
https://www.exploit-db.com/exploits/43968/ExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/103060Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040347Third Party AdvisoryVDB Entry
https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.htmExploitIssue TrackingThird Party Advisory
https://github.com/UltimateHackers/ShivaExploitThird Party Advisory
https://github.com/WazeHell/CVE-2018-6389Third Party Advisory
https://thehackernews.com/2018/02/wordpress-dos-exploit.htmlExploitThird Party Advisory
https://wpvulndb.com/vulnerabilities/9021Third Party Advisory

FAQ

What is CVE-2018-6389?

CVE-2018-6389 is a vulnerability with a CVSS score of 7.5 (HIGH). In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to const...

How severe is CVE-2018-6389?

CVE-2018-6389 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-6389?

Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.