Summaryinfo

A vulnerability categorized as problematic has been discovered in WordPress up to 3.9.1. Impacted is an unknown function of the component XML Handler. Such manipulation leads to denial of service. No exploit exists. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability was found in WordPress up to 3.9.1 (Content Management System). It has been rated as problematic. Affected by this issue is an unknown functionality of the component XML Handler. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability.

The weakness was disclosed 08/06/2014 by Nir Goldshlager as WordPress 3.9.2 Security Release as confirmed release notes (Website). The advisory is shared for download at wordpress.org. The attack may be launched remotely. There are neither technical details nor an exploit publicly available.

Upgrading to version 3.9.2 eliminates this vulnerability. The upgrade is hosted for download at wordpress.org. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at SecurityTracker (ID 1030684†). The entries VDB-67291, VDB-67295, VDB-67294 and VDB-67293 are pretty similar. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Content Management System

Name

• WordPress

Version

• 3.9
• 3.9 Beta1
• 3.9 Beta2
• 3.9 Beta3
• 3.9 rc1
• 3.9 rc2
• 3.9.0
• 3.9.1

License

• open-source

Website

• Product: https://wordpress.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion