View Single Post

  Post #1 (permalink)   02-05-2018, 02:12 PM
HD Wizard
easyhostmedia's Avatar
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,356
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
WordPress isn’t going to patch it, either…
WordPress is the most popular Content Management System (CMS) in the entire world. In fact, WordPress powers 29% of the web. That’s why it’s alarming the company isn’t going to patch a DoS vulnerability that, when exploited, could easily bring down an entire website.

Let’s start back at the beginning.

Israeli research Barak Tawily discovered a vulnerability (CVE-2018-6389) in the way that “load-scripts.php” processes user-defined requests. “load-scripts.php” is a built-in script that was designed for users with admin permissions to help improve website performance and page load speeds by combining JavaScript files into a single request.

To do this, “load-scripts.php” calls the required JavaScript files by passing their names into its load parameter. Once it’s called every JavaScript file in a given URL it sends them back in a single file.

That’s a lot to untangle, maybe this comparison will help. This script acts kind of like a project manager would: they manage a bunch of different inputs from different team members, then organize it into one coherent document before presenting it to management.

see more at
Terry Robertson - CEO The Easyhost Media Group
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers