CVE-2007-0540

WordPress < 2.0 - Denial of Service via Pingback Service Calls

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0540. PoCs published by Blake Matheny.

AI-analyzed exploit summary This exploit targets a denial-of-service (DoS) vulnerability in WordPress versions prior to 2.1 by abusing the Pingback feature to consume server resources. It sends multiple requests to a large file, causing memory and bandwidth exhaustion.

Description

WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Blake Matheny · pythonwebappsphp
https://www.exploit-db.com/exploits/29522

This exploit targets a denial-of-service (DoS) vulnerability in WordPress versions prior to 2.1 by abusing the Pingback feature to consume server resources. It sends multiple requests to a large file, causing memory and bandwidth exhaustion.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: WordPress < 2.1
No auth needed
Prerequisites: Target WordPress site with Pingback enabled · Access to a large file URL for amplification
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30013
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/458003/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1564
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457996/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2191

Scores

EPSS 0.0723
EPSS Percentile 93.5%

Details

Status published
Products (1)
wordpress/wordpress < 2.0
Published Jan 29, 2007
Tracked Since Feb 18, 2026