CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
Affected products
n/a · n/a
Public PoCs found: 24
github · github.com/s0md3v/Shiva · ★ 130
github · github.com/safebuffer/CVE-2018-6389 · ★ 82
github · github.com/ItinerisLtd/trellis-cve-2018-6389 · ★ 13
github · github.com/knqyf263/CVE-2018-6389 · ★ 10
github · github.com/omidsec/CVE-2018-6389 · ★ 6
github · github.com/Zazzzles/Wordpress-DOS · ★ 4
github · github.com/ianxtianxt/CVE-2018-6389 · ★ 3
github · github.com/JavierOlmedo/wordpress-cve-2018-6389 · ★ 2
github · github.com/dsfau/wordpress-CVE-2018-6389 · ★ 2
github · github.com/m3ssap0/wordpress_cve-2018-6389 · ★ 2
github · github.com/JulienGadanho/cve-2018-6389-php-patcher · ★ 1
github · github.com/vineetkia/Wordpress-DOS-Attack-CVE-2018-6389 · ★ 1
github · github.com/yolabingo/wordpress-fix-cve-2018-6389 · ★ 1
github · github.com/armaanpathan12345/WP-DOS-Exploit-CVE-2018-6389 · ★ 1
github · github.com/mudhappy/Wordpress-Hack-CVE-2018-6389 · ★ 0
github · github.com/rastating/modsecurity-cve-2018-6389 · ★ 0
github · github.com/fakedob/tvsz · ★ 0
github · github.com/alessiogilardi/PoC---CVE-2018-6389 · ★ 0
github · github.com/BlackRouter/cve-2018-6389 · ★ 0
github · github.com/thechrono13/PoC---CVE-2018-6389 · ★ 0
github · github.com/amit-pathak009/CVE-2018-6389-FIX · ★ 0
github · github.com/Jetserver/CVE-2018-6389-FIX · ★ 0
exploitdb · www.exploit-db.com/exploits/43968 · unverified
cve_reference · www.exploit-db.com/exploits/43968/ · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
https://github.com/UltimateHackers/Shiva
https://github.com/WazeHell/CVE-2018-6389
https://thehackernews.com/2018/02/wordpress-dos-exploit.html
https://wpvulndb.com/vulnerabilities/9021
https://www.exploit-db.com/exploits/43968/
http://www.securityfocus.com/bid/103060
http://www.securitytracker.com/id/1040347