Back to search
CVE-2011-4957
Published: Jun 27, 2012
Modified: Sep 17, 2024
PUBLISHED
Description
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20120419 Re: CVE-request: WordPress 3.1.1
mailing-list
x_refsource_MLIST
44038
third-party-advisory
x_refsource_SECUNIA
http://wordpress.org/news/2011/04/wordpress-3-1-1/
x_refsource_CONFIRM
http://core.trac.wordpress.org/ticket/16892
x_refsource_CONFIRM
49138
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20120419 Re: CVE-request: WordPress 3.1.1
mailing-list
x_refsource_MLIST
DSA-2470
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now