A DoS vulnerability (CVE-2018-6389) affecting all versions of WordPress has recently been published. The vulnerability exists in almost every version of WordPress released in the last nine years, including the latest one, version 4.9.2. A PoC demo video and a script that fixes this vulnerability have been released. However, the WordPress team has refused to acknowledge this vulnerability.
WordPress is widely used. If you run WordPress, we recommend that you follow updates on this vulnerability and check whether your installation is affected.
See the following for more information about the vulnerability.
DoS vulnerability in all versions of WordPress
Condition and method of exploitation: The vulnerability can be remotely exploited using the published PoC.
Affected versions: WordPress <= 4.9.2
How to check: Verify whether your site runs any affected version of WordPress.
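The check above amounts to reading the version string WordPress stores in wp-includes/version.php and comparing it against the affected range the bulletin gives (<= 4.9.2). The following is an added example, not code from the bulletin or from the WordPress project: it parses the `$wp_version` assignment from a constructed sample of version.php, normalizes the version into a comparable tuple (handling two-part versions such as 4.9 and pre-release suffixes), and reports whether the install falls inside the affected range. The `check_install` helper and the `LAST_AFFECTED` constant are assumptions made for this example.

```python
import re
from pathlib import Path

# Constructed sample of the relevant lines of wp-includes/version.php.
# This is example input, not a real file from any server.
SAMPLE_VERSION_PHP = """<?php
/**
 * The WordPress version string
 */
$wp_version = '4.9.2';
$wp_db_version = 38590;
"""

# Upper bound of the affected range as stated in the bulletin (WordPress <= 4.9.2).
LAST_AFFECTED = (4, 9, 2)


def parse_wp_version(php_source: str) -> str:
    """Extract the value of $wp_version from the text of version.php."""
    match = re.search(r"^\$wp_version\s*=\s*'([^']+)'\s*;", php_source, re.MULTILINE)
    if not match:
        raise ValueError("no $wp_version assignment found in version.php")
    return match.group(1)


def version_tuple(version: str) -> tuple:
    """Normalize '4.9', '4.9.2' or '4.9.2-alpha' into a 3-tuple of ints.

    A pre-release suffix is dropped: a 4.9.2 pre-release is still <= 4.9.2.
    """
    core = re.match(r"(\d+(?:\.\d+)*)", version)
    if not core:
        raise ValueError(f"unparseable WordPress version: {version!r}")
    parts = [int(p) for p in core.group(1).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True if the given WordPress version is within the affected range."""
    return version_tuple(version) <= LAST_AFFECTED


def check_install(wp_root: str) -> dict:
    """Read version.php under a WordPress document root and classify it.

    Hypothetical helper for this example; wp_root is the directory that
    contains wp-includes/.
    """
    path = Path(wp_root) / "wp-includes" / "version.php"
    version = parse_wp_version(path.read_text(encoding="utf-8"))
    return {"version": version, "affected": is_affected(version)}


if __name__ == "__main__":
    found = parse_wp_version(SAMPLE_VERSION_PHP)
    print(f"sample install reports WordPress {found}: affected={is_affected(found)}")
```

Run it against a real install with `check_install("/var/www/html")` (the document root is an assumption; adjust it to where wp-includes/ lives). Comparing tuples rather than strings is what keeps 4.9.10 from being misread as older than 4.9.2.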
How to fix or mitigate
Patch scripts have been released. Test them and apply the fix to your WordPress installation according to your website's business requirements.
We recommend that you upgrade your WordPress to the latest version immediately.
Note: Test the upgrade first and create a snapshot of your ECS instance to back up your data before upgrading.