5
CVE-2014-5266
- EPSS 76.31%
- Veröffentlicht 18.08.2014 11:15:27
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginWordPress Core < 3.9.2 - Denial of Service via XML #2
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 3.7.4, 3.8.4, 3.9.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version7.0
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
[*, 3.7)
Version
3.7-3.7.3
Version
3.8-3.8.3
Version
3.9-3.9.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 76.31% | 0.989 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|