← back
CVE-2018-6389

CVE-2018-6389

EPSS 73.1%
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (130 stars) — exploitation code widely available.
CVSS EPSS 73.1%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
05 Feb 2018Public PoC
06 Feb 2018Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.