In a new blog post, researchers from Imperva discuss a zero-day vulnerability in WordPress core that was just disclosed. The vulnerability allows an attacker to perform a denial of service (DoS) attack against a vulnerable application and exists in the modules used to load JS and CSS files. These modules were designed to decrease page-loading time, but have effectively rendered the WordPress core susceptible to DoS attacks. WordPress holds a market share of more than 29 percent of internet websites and 60 percent of content management systems (CMS) worldwide, turning any vulnerability in the WordPress core into a potentially large-scale exploit. Ben Herzberg, Head of Threat Research at Imperva commented below.
Ben Herzberg, Head of Threat Research at Imperva:
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.