WordPress Vulnerabilities
WordPress < 5.5.2 - Unauthenticated DoS Attack to RCE
Description
The release notes state:
"Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE."
The attack consisted of creating a DoS condition on the MySQL database, which would make WordPress think that it has not been installed, presenting the installation wizard. The DoS attack would then need to be stopped. According the original researcher, the attack would be very hard to reproduce.
Affects WordPress
References
CVE
Miscellaneous
Original Researcher
Omar Ganiev
Verified
No
WPVDB ID
Timeline
Publicly Published
2020-10-29 (about 3 years ago)
Added
2020-10-29 (about 3 years ago)
Last Updated
2020-11-03 (about 3 years ago)