ThreatPress

WordPress Vulnerabilities Database

WordPress <= 3.1.0 - Multiple Vulnerabilities

Product
WordPress
Description
Attackers can cause a denial of service via a comment containing a crafted URL that triggers many recursive calls, because the make_clickable function in wp-includes/formatting.php does not properly check URLs before passing them to the PCRE library.
Solution
Update WordPress.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2011-4957
Versions
Affected In <= 3.1.0
Fixed In 3.1.1
Disclosure date
2011-12-23
Credits
Henri Salo