WordPress Trackback < 2.8.5 Denial of Service

If you are running WordPress < 2.8.5 and finding your blog inaccessible at times this post may be for you.

A denial of vulnerability was released back in Oct 2009 that affects < WordPress 2.8.5.

The exploit sends a continuous stream of POST requests with overly large blog titles to wp-trackback.php. This could result in the attacker using up all available memory on the affected blog (memory exhaustion attack).

This issue has already been addressed in WordPress 2.8.5 (Oct 2009). This is already old news but some of our readers may have missed it.

This vulnerability discovery is credited to jcarlosn.

Random Posts

• OWASP Talk: PHP Code Analysis: Real World Examples
• Critical phpMyAdmin Vulnerabilities Discovered
• Blog Under Siege
• WordPress 2.3.3 Directory Traversal Vulnerability
• Facebook: What they really have on you

If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Copyright 2007. BlogSecurity. All rights reserved

• Home
• About
• Advertise
• BlogSec News
• Contact Us
• WPSCAN