CVE-2013-2173

Severity

43%

Complexity

86%

Confidentiality

48%

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 11 years ago

2013-06-21 13:57:00

Last updated 11 years ago

2013-08-22 06:52:00

Affected Software

WordPress 3.5.1

3.5.1

References

20130613 Re: WordPress 3.5.1, Denial of Service

http://codex.wordpress.org/Version_3.5.2

[oss-security] 20130612 Re: CVE request: WordPress 3.5.1 denial of service vulnerability

http://wordpress.org/news/2013/06/wordpress-3-5-2/

DSA-2718

https://github.com/wpscanteam/wpscan/issues/219

https://vndh.net/note:wordpress-351-denial-service

Exploit

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.