Vulnerability & Exploit Database

Back to search

Wordpress: CVE-2014-5266: Lack of limits on the number of elements in an XML document allows for Denial of Service (DoS) attacks

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) August 18, 2014 May 16, 2017 May 16, 2017

Available Exploits 

Description

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

wordpress-upgrade-3_9_2

Related Vulnerabilities