WordPress Vulnerability CVE-2018-6389

9 Feb 2018

A new WordPress vulnerability was discovered by Israeli researcher Barak Tawily.

According to the official WordPress website, 29% of the existing websites use this platform and, therefore, are affected by this vulnerability.

The problem lies upon the load-scripts.php file, which purpose is to retrieve several Javascript packages through one single request, such as bootstrap, jquery, and jqueryUI, among others.

It is possible to create a special request to retrieve a huge quantity of different Javascripts, resulting in a high CPU resource and high bandwidth usage.

Using a simple tool, it is possible to send hundreds of requests per second, which can easily increase RAM and CPU usage to the limit, resulting in a web server failure that would prevent users from accessing the attacked website or any other websites hosted on the same server.

These exploits are available at the exploit-db.com website.

It should be noted that WordPress version 4.9.4 was published yesterday, and it does not include any patch to fix this issue.

We consider this vulnerability as a major risk for all companies with corporate WordPress websites, since attackers can easily prevent hosting web servers from working, which can negatively impact the image of such companies, forcing time and resources spent on the resolution of this vulnerability.

The solution is not easy, and there is no official fix to date, plus the firewall rules that may possibly be created are not able to tell an actual attack from a legit script request.

At ORC Webhosting, we have created an intelligent solution to protect our clients, which can determine whether a request comes from an authenticated WordPress user or not, to then prevent an attack or allow the script usage, accordingly.