Description
wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.
References (7)
Core 7
Core References
Exploit x_refsource_misc
https://vndh.net/note:wordpress-351-denial-service
Product x_refsource_confirm
http://wordpress.org/news/2013/06/wordpress-3-5-2/
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2718
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/06/12/2
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-06/0052.html
Product x_refsource_confirm
http://codex.wordpress.org/Version_3.5.2
Issue Tracking x_refsource_misc
https://github.com/wpscanteam/wpscan/issues/219
Scores
EPSS
0.0168
EPSS Percentile
82.4%
Details
CWE
CWE-310
Status
published
Products (1)
wordpress/wordpress
3.5.1
Published
Jun 21, 2013
Tracked Since
Feb 18, 2026