WordPress unpatched Denial Of Service (DoS)

OWASP 2017-A2 OWASP 2013-A9 OWASP PC-C10 CAPEC-469 WASC-10 CWE-400

Older versions of the WordPress CMS platform contain a serious application-level denial-of-service (DoS) vulnerability that could potentially take down most WordPress websites. It takes very little effort to exploit: the attacker does not need the large bandwidth that DoS attacks usually require. The attacker can use load-scripts.php to call all the possible JavaScript files, which reduces the performance of the website because the scripts consume high CPU and server memory. WordPress version 4.9.2 allowed an unauthenticated user to cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct continuous requests that load each file many times.

This vulnerability was first discovered by an Israeli security researcher named Barak Tawil. The researcher found that the vulnerability resides in load-scripts.php, a built-in script in the WordPress CMS that processes user-defined requests. The load-scripts.php file is designed for admin users only, to help them improve the performance of their website: it combines multiple JavaScript files (on the server end) into a single request so that the page loads faster. If this file is exposed on the admin login page without any authentication, it is available to the public.
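The request pattern described above can be spotted in web server access logs. The following is an added example, not code from WordPress or from the researcher: it counts, per client, the load-scripts.php requests that ask for a large number of script handles. The combined log format, the two thresholds, the sample IP addresses and the `handleN` names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Client address and request target from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def handle_count(target):
    """Distinct script handles requested from load-scripts.php; None for other paths."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/load-scripts.php"):
        return None
    handles = set()
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # The handle list arrives as load[]=a,b,c (brackets usually percent-encoded).
        if key == "load" or key.startswith("load["):
            handles.update(h for h in value.split(",") if h)
    return len(handles)

def flag_clients(lines, min_handles=50, min_requests=20):
    """Map client -> number of large load-scripts.php requests, for clients over the limit.

    Both thresholds are assumptions; feed one time window of log lines per call.
    """
    heavy = defaultdict(int)
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        count = handle_count(match.group(2))
        if count is not None and count >= min_handles:
            heavy[match.group(1)] += 1
    return {ip: n for ip, n in heavy.items() if n >= min_requests}

def sample_log():
    """Constructed log lines: one noisy client and one ordinary admin page load."""
    fmt = '{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] "GET {target} HTTP/1.1" 200 512 "-" "-"'
    base = "/wp-admin/load-scripts.php?c=1&load%5B%5D="
    big = base + ",".join(f"handle{i}" for i in range(180))  # placeholder handle names
    small = base + "jquery-core,jquery-migrate,utils"
    lines = [fmt.format(ip="203.0.113.7", sec=i, target=big) for i in range(40)]
    lines.append(fmt.format(ip="198.51.100.9", sec=41, target=small))
    lines.append(fmt.format(ip="198.51.100.9", sec=42, target="/index.php"))
    return lines

if __name__ == "__main__":
    for ip, n in flag_clients(sample_log()).items():
        print(f"{ip}: {n} load-scripts.php requests with a large handle list")
```

An ordinary admin page load requests only a handful of handles, so it stays below `min_handles` and is not counted.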

Impact

The impact of this vulnerability includes:

  • End users will not get the required result.
  • The attacker could deny access to the web application.
