CVE-2011-4957 in WordPressinfo

Summary

The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

12/23/2011

Disclosure

06/27/2012

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
61131	WordPress PCRE make_clickable input validation	20	Not defined	Official fix	CVE-2011-4957

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!