Description
WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Blake Matheny · pythonwebappsphp
https://www.exploit-db.com/exploits/29522
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30013
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/458003/100/0/threaded
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1564
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457996/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2191
Scores
EPSS
0.0776
EPSS Percentile
92.0%
Details
Status
published
Products (1)
wordpress/wordpress
< 2.0
Published
Jan 29, 2007
Tracked Since
Feb 18, 2026