Description

The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS.

PUBLISHED Reserved 2025-03-13 | Published 2025-04-19 | Updated 2025-08-27 | Assigner WPScan

Problem types

CWE-1333 Inefficient Regular Expression Complexity

Product status

Default status: affected

Any version: affected

Credits

Pierre Rudloff (finder)

WPScan (coordinator)

References

wpscan.com/...rability/b5f0092e-7cd5-412f-a8ea-7bd4a8bf86d2/ exploit vdb-entry technical-description

cve.org (CVE-2024-13926)

nvd.nist.gov (CVE-2024-13926)