WordPress Vulnerabilities

WP < 6.3.2 - Denial of Service via Cache Poisoning

Description

A Denial of Service could occur via Cache Poisoning when the X-HTTP-Method-Override header is sent in a request to the REST API in an heavily cached configuration

Affects WordPress

6.3.1
Fixed in WordPress 6.3.2
6.3
Fixed in WordPress 6.3.2
6.2.2
Fixed in WordPress 6.2.3
6.2.1
Fixed in WordPress 6.2.3
6.2
Fixed in WordPress 6.2.3
6.1.3
Fixed in WordPress 6.1.4
6.1.2
Fixed in WordPress 6.1.4
6.1.1
Fixed in WordPress 6.1.4
6.1
Fixed in WordPress 6.1.4
6.0.5
Fixed in WordPress 6.0.6
6.0.4
Fixed in WordPress 6.0.6
6.0.3
Fixed in WordPress 6.0.6
6.0.2
Fixed in WordPress 6.0.6
6.0.1
Fixed in WordPress 6.0.6
6.0
Fixed in WordPress 6.0.6
5.9.7
Fixed in WordPress 5.9.8
5.9.6
Fixed in WordPress 5.9.8
5.9.5
Fixed in WordPress 5.9.8
5.9.4
Fixed in WordPress 5.9.8
5.9.3
Fixed in WordPress 5.9.8
5.9.2
Fixed in WordPress 5.9.8
5.9.1
Fixed in WordPress 5.9.8
5.9
Fixed in WordPress 5.9.8
5.8.7
Fixed in WordPress 5.8.8
5.8.6
Fixed in WordPress 5.8.8
5.8.5
Fixed in WordPress 5.8.8
5.8.4
Fixed in WordPress 5.8.8
5.8.3
Fixed in WordPress 5.8.8
5.8.2
Fixed in WordPress 5.8.8
5.8.1
Fixed in WordPress 5.8.8
5.8
Fixed in WordPress 5.8.8
5.7.9
Fixed in WordPress 5.7.10
5.7.8
Fixed in WordPress 5.7.10
5.7.7
Fixed in WordPress 5.7.10
5.7.6
Fixed in WordPress 5.7.10
5.7.5
Fixed in WordPress 5.7.10
5.7.4
Fixed in WordPress 5.7.10
5.7.3
Fixed in WordPress 5.7.10
5.7.2
Fixed in WordPress 5.7.10
5.7.1
Fixed in WordPress 5.7.10
5.7
Fixed in WordPress 5.7.10
5.6.11
Fixed in WordPress 5.6.12
5.6.10
Fixed in WordPress 5.6.12
5.6.9
Fixed in WordPress 5.6.12
5.6.8
Fixed in WordPress 5.6.12
5.6.7
Fixed in WordPress 5.6.12
5.6.6
Fixed in WordPress 5.6.12
5.6.5
Fixed in WordPress 5.6.12
5.6.4
Fixed in WordPress 5.6.12
5.6.3
Fixed in WordPress 5.6.12
5.6.2
Fixed in WordPress 5.6.12
5.6.1
Fixed in WordPress 5.6.12
5.6
Fixed in WordPress 5.6.12
5.5.12
Fixed in WordPress 5.5.13
5.5.11
Fixed in WordPress 5.5.13
5.5.10
Fixed in WordPress 5.5.13
5.5.9
Fixed in WordPress 5.5.13
5.5.8
Fixed in WordPress 5.5.13
5.5.7
Fixed in WordPress 5.5.13
5.5.6
Fixed in WordPress 5.5.13
5.5.5
Fixed in WordPress 5.5.13
5.5.4
Fixed in WordPress 5.5.13
5.5.3
Fixed in WordPress 5.5.13
5.5.2
Fixed in WordPress 5.5.13
5.5.1
Fixed in WordPress 5.5.13
5.5
Fixed in WordPress 5.5.13
5.4.13
Fixed in WordPress 5.4.14
5.4.12
Fixed in WordPress 5.4.14
5.4.11
Fixed in WordPress 5.4.14
5.4.10
Fixed in WordPress 5.4.14
5.4.9
Fixed in WordPress 5.4.14
5.4.8
Fixed in WordPress 5.4.14
5.4.7
Fixed in WordPress 5.4.14
5.4.6
Fixed in WordPress 5.4.14
5.4.5
Fixed in WordPress 5.4.14
5.4.4
Fixed in WordPress 5.4.14
5.4.3
Fixed in WordPress 5.4.14
5.4.2
Fixed in WordPress 5.4.14
5.4.1
Fixed in WordPress 5.4.14
5.4
Fixed in WordPress 5.4.14
5.3.15
Fixed in WordPress 5.3.16
5.3.14
Fixed in WordPress 5.3.16
5.3.13
Fixed in WordPress 5.3.16
5.3.12
Fixed in WordPress 5.3.16
5.3.11
Fixed in WordPress 5.3.16
5.3.10
Fixed in WordPress 5.3.16
5.3.9
Fixed in WordPress 5.3.16
5.3.8
Fixed in WordPress 5.3.16
5.3.7
Fixed in WordPress 5.3.16
5.3.6
Fixed in WordPress 5.3.16
5.3.5
Fixed in WordPress 5.3.16
5.3.4
Fixed in WordPress 5.3.16
5.3.3
Fixed in WordPress 5.3.16
5.3.2
Fixed in WordPress 5.3.16
5.3.1
Fixed in WordPress 5.3.16
5.3
Fixed in WordPress 5.3.16
5.2.18
Fixed in WordPress 5.2.19
5.2.17
Fixed in WordPress 5.2.19
5.2.16
Fixed in WordPress 5.2.19
5.2.15
Fixed in WordPress 5.2.19
5.2.14
Fixed in WordPress 5.2.19
5.2.13
Fixed in WordPress 5.2.19
5.2.12
Fixed in WordPress 5.2.19
5.2.11
Fixed in WordPress 5.2.19
5.2.10
Fixed in WordPress 5.2.19
5.2.9
Fixed in WordPress 5.2.19
5.2.8
Fixed in WordPress 5.2.19
5.2.7
Fixed in WordPress 5.2.19
5.2.6
Fixed in WordPress 5.2.19
5.2.5
Fixed in WordPress 5.2.19
5.2.4
Fixed in WordPress 5.2.19
5.2.3
Fixed in WordPress 5.2.19
5.2.2
Fixed in WordPress 5.2.19
5.2.1
Fixed in WordPress 5.2.19
5.2
Fixed in WordPress 5.2.19
5.1.16
Fixed in WordPress 5.1.17
5.1.15
Fixed in WordPress 5.1.17
5.1.14
Fixed in WordPress 5.1.17
5.1.13
Fixed in WordPress 5.1.17
5.1.12
Fixed in WordPress 5.1.17
5.1.11
Fixed in WordPress 5.1.17
5.1.10
Fixed in WordPress 5.1.17
5.1.9
Fixed in WordPress 5.1.17
5.1.8
Fixed in WordPress 5.1.17
5.1.7
Fixed in WordPress 5.1.17
5.1.6
Fixed in WordPress 5.1.17
5.1.5
Fixed in WordPress 5.1.17
5.1.4
Fixed in WordPress 5.1.17
5.1.3
Fixed in WordPress 5.1.17
5.1.2
Fixed in WordPress 5.1.17
5.1.1
Fixed in WordPress 5.1.17
5.1
Fixed in WordPress 5.1.17
5.0.19
Fixed in WordPress 5.0.20
5.0.18
Fixed in WordPress 5.0.20
5.0.17
Fixed in WordPress 5.0.20
5.0.16
Fixed in WordPress 5.0.20
5.0.15
Fixed in WordPress 5.0.20
5.0.14
Fixed in WordPress 5.0.20
5.0.13
Fixed in WordPress 5.0.20
5.0.12
Fixed in WordPress 5.0.20
5.0.11
Fixed in WordPress 5.0.20
5.0.10
Fixed in WordPress 5.0.20
5.0.9
Fixed in WordPress 5.0.20
5.0.8
Fixed in WordPress 5.0.20
5.0.7
Fixed in WordPress 5.0.20
5.0.6
Fixed in WordPress 5.0.20
5.0.5
Fixed in WordPress 5.0.20
5.0.4
Fixed in WordPress 5.0.20
5.0.3
Fixed in WordPress 5.0.20
5.0.2
Fixed in WordPress 5.0.20
5.0.1
Fixed in WordPress 5.0.20
5.0
Fixed in WordPress 5.0.20
4.9.23
Fixed in WordPress 4.9.24
4.9.22
Fixed in WordPress 4.9.24
4.9.21
Fixed in WordPress 4.9.24
4.9.20
Fixed in WordPress 4.9.24
4.9.19
Fixed in WordPress 4.9.24
4.9.18
Fixed in WordPress 4.9.24
4.9.17
Fixed in WordPress 4.9.24
4.9.16
Fixed in WordPress 4.9.24
4.9.15
Fixed in WordPress 4.9.24
4.9.14
Fixed in WordPress 4.9.24
4.9.13
Fixed in WordPress 4.9.24
4.9.12
Fixed in WordPress 4.9.24
4.9.11
Fixed in WordPress 4.9.24
4.9.10
Fixed in WordPress 4.9.24
4.9.9
Fixed in WordPress 4.9.24
4.9.8
Fixed in WordPress 4.9.24
4.9.7
Fixed in WordPress 4.9.24
4.9.6
Fixed in WordPress 4.9.24
4.9.5
Fixed in WordPress 4.9.24
4.9.4
Fixed in WordPress 4.9.24
4.9.3
Fixed in WordPress 4.9.24
4.9.2
Fixed in WordPress 4.9.24
4.9.1
Fixed in WordPress 4.9.24
4.9
Fixed in WordPress 4.9.24
4.8.22
Fixed in WordPress 4.8.23
4.8.21
Fixed in WordPress 4.8.23
4.8.20
Fixed in WordPress 4.8.23
4.8.19
Fixed in WordPress 4.8.23
4.8.18
Fixed in WordPress 4.8.23
4.8.17
Fixed in WordPress 4.8.23
4.8.16
Fixed in WordPress 4.8.23
4.8.15
Fixed in WordPress 4.8.23
4.8.14
Fixed in WordPress 4.8.23
4.8.13
Fixed in WordPress 4.8.23
4.8.12
Fixed in WordPress 4.8.23
4.8.11
Fixed in WordPress 4.8.23
4.8.10
Fixed in WordPress 4.8.23
4.8.9
Fixed in WordPress 4.8.23
4.8.8
Fixed in WordPress 4.8.23
4.8.7
Fixed in WordPress 4.8.23
4.8.6
Fixed in WordPress 4.8.23
4.8.5
Fixed in WordPress 4.8.23
4.8.4
Fixed in WordPress 4.8.23
4.8.3
Fixed in WordPress 4.8.23
4.8.2
Fixed in WordPress 4.8.23
4.8.1
Fixed in WordPress 4.8.23
4.8
Fixed in WordPress 4.8.23
4.7.26
Fixed in WordPress 4.7.27
4.7.25
Fixed in WordPress 4.7.27
4.7.24
Fixed in WordPress 4.7.27
4.7.23
Fixed in WordPress 4.7.27
4.7.22
Fixed in WordPress 4.7.27
4.7.21
Fixed in WordPress 4.7.27
4.7.20
Fixed in WordPress 4.7.27
4.7.19
Fixed in WordPress 4.7.27
4.7.18
Fixed in WordPress 4.7.27
4.7.17
Fixed in WordPress 4.7.27
4.7.16
Fixed in WordPress 4.7.27
4.7.15
Fixed in WordPress 4.7.27
4.7.14
Fixed in WordPress 4.7.27
4.7.13
Fixed in WordPress 4.7.27
4.7.12
Fixed in WordPress 4.7.27
4.7.11
Fixed in WordPress 4.7.27
4.7.10
Fixed in WordPress 4.7.27
4.7.9
Fixed in WordPress 4.7.27
4.7.8
Fixed in WordPress 4.7.27
4.7.7
Fixed in WordPress 4.7.27
4.7.6
Fixed in WordPress 4.7.27
4.7.5
Fixed in WordPress 4.7.27
4.7.4
Fixed in WordPress 4.7.27
4.7.3
Fixed in WordPress 4.7.27
4.7.2
Fixed in WordPress 4.7.27
4.7.1
Fixed in WordPress 4.7.27
4.7
Fixed in WordPress 4.7.27

References

URL
https://wordpress.org/news/2023/10/wordpress-6-3-2-maintenance-and-security-release/

Miscellaneous

Original Researcher
s5s, raouf_maklouf
Verified
No
WPVDB ID
6d80e09d-34d5-4fda-81cb-e703d0e56e4f

Timeline

Publicly Published
2023-10-12 (about 7 months ago)
Added
2023-10-13 (about 6 months ago)
Last Updated
2023-10-13 (about 6 months ago)

Other

Published
Title
Published
2018-06-07
Title
Mass Pages/Posts Creator <= 1.2.4 - DoS
Published
2019-02-16
Title
PS PHPCaptcha < 1.2.0 -Denial of Service
Published
2022-05-24
Title
Rating by BestWebSoft < 1.6 - Rating Denial of Service
Published
2018-02-05
Title
WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
Published
2022-07-11
Title
GiveWP < 2.21.3 - DoS via CSRF