CVE-2024-12579

MEDIUM

Minify HTML <= 2.1.10 - Unauthenticated Regular Expression Denial of Service via Comment Processing

Description

The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages.

Scores

CVSS v3 5.3
EPSS 0.0033
EPSS Percentile 24.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (1)
teckel/Minify HTML < 2.1.10
Published Dec 13, 2024
Tracked Since Feb 18, 2026