edit-icon download-icon

[Vulnerability notice] DoS vulnerability in WordPress

Last Updated: Apr 18, 2018

Vulnerability description

WordPress does not limit the number of parameters in an XML file. As a result, an attacker can remotely inject malicious content into an XML file, which directly causes DoS attacks to target servers.

Affected scope

  • WordPress 3.9.x-3.9.1
  • WordPress 3.8.x-3.8.3
  • WordPress 3.7.x-3.7.3
  • WordPress 3.6.x
  • WordPress 3.5.x

How to fix

  • Delete xmlrpc.php from the WordPress root directory.

  • Upgrade WordPress to the latest official version.

Thank you! We've received your feedback.