WordPress Vulnerabilities

WP < 6.3.2 - Denial of Service via Cache Poisoning

Description

A Denial of Service could occur via Cache Poisoning when the X-HTTP-Method-Override header is sent in a request to the REST API in an heavily cached configuration

Affects WordPress

6.3.1
Fixed in WordPress 6.3.2
6.3
Fixed in WordPress 6.3.2
6.2.2
Fixed in WordPress 6.2.3
6.2.1
Fixed in WordPress 6.2.3
6.2
Fixed in WordPress 6.2.3
6.1.3
Fixed in WordPress 6.1.4
6.1.2
Fixed in WordPress 6.1.4
6.1.1
Fixed in WordPress 6.1.4
6.1
Fixed in WordPress 6.1.4
6.0.5
Fixed in WordPress 6.0.6
6.0.4
Fixed in WordPress 6.0.6
6.0.3
Fixed in WordPress 6.0.6
6.0.2
Fixed in WordPress 6.0.6
6.0.1
Fixed in WordPress 6.0.6
6.0
Fixed in WordPress 6.0.6
5.9.7
Fixed in WordPress 5.9.8
5.9.6
Fixed in WordPress 5.9.8
5.9.5
Fixed in WordPress 5.9.8
5.9.4
Fixed in WordPress 5.9.8
5.9.3
Fixed in WordPress 5.9.8
5.9.2
Fixed in WordPress 5.9.8
5.9.1
Fixed in WordPress 5.9.8
5.9
Fixed in WordPress 5.9.8
5.8.7
Fixed in WordPress 5.8.8
5.8.6
Fixed in WordPress 5.8.8
5.8.5
Fixed in WordPress 5.8.8
5.8.4
Fixed in WordPress 5.8.8
5.8.3
Fixed in WordPress 5.8.8
5.8.2
Fixed in WordPress 5.8.8
5.8.1
Fixed in WordPress 5.8.8
5.8
Fixed in WordPress 5.8.8
5.7.9
Fixed in WordPress 5.7.10
5.7.8
Fixed in WordPress 5.7.10
5.7.7
Fixed in WordPress 5.7.10
5.7.6
Fixed in WordPress 5.7.10
5.7.5
Fixed in WordPress 5.7.10
5.7.4
Fixed in WordPress 5.7.10
5.7.3
Fixed in WordPress 5.7.10
5.7.2
Fixed in WordPress 5.7.10
5.7.1
Fixed in WordPress 5.7.10
5.7
Fixed in WordPress 5.7.10
5.6.11
Fixed in WordPress 5.6.12
5.6.10
Fixed in WordPress 5.6.12
5.6.9
Fixed in WordPress 5.6.12
5.6.8
Fixed in WordPress 5.6.12
5.6.7
Fixed in WordPress 5.6.12
5.6.6
Fixed in WordPress 5.6.12
5.6.5
Fixed in WordPress 5.6.12
5.6.4
Fixed in WordPress 5.6.12
5.6.3
Fixed in WordPress 5.6.12
5.6.2
Fixed in WordPress 5.6.12
5.6.1
Fixed in WordPress 5.6.12
5.6
Fixed in WordPress 5.6.12
5.5.12
Fixed in WordPress 5.5.13
5.5.11
Fixed in WordPress 5.5.13
5.5.10
Fixed in WordPress 5.5.13
5.5.9
Fixed in WordPress 5.5.13
5.5.8
Fixed in WordPress 5.5.13
5.5.7
Fixed in WordPress 5.5.13
5.5.6
Fixed in WordPress 5.5.13
5.5.5
Fixed in WordPress 5.5.13
5.5.4
Fixed in WordPress 5.5.13
5.5.3
Fixed in WordPress 5.5.13
5.5.2
Fixed in WordPress 5.5.13
5.5.1
Fixed in WordPress 5.5.13
5.5
Fixed in WordPress 5.5.13
5.4.13
Fixed in WordPress 5.4.14
5.4.12
Fixed in WordPress 5.4.14
5.4.11
Fixed in WordPress 5.4.14
5.4.10
Fixed in WordPress 5.4.14
5.4.9
Fixed in WordPress 5.4.14
5.4.8
Fixed in WordPress 5.4.14
5.4.7
Fixed in WordPress 5.4.14
5.4.6
Fixed in WordPress 5.4.14
5.4.5
Fixed in WordPress 5.4.14
5.4.4
Fixed in WordPress 5.4.14
5.4.3
Fixed in WordPress 5.4.14
5.4.2
Fixed in WordPress 5.4.14
5.4.1
Fixed in WordPress 5.4.14
5.4
Fixed in WordPress 5.4.14
5.3.15
Fixed in WordPress 5.3.16
5.3.14
Fixed in WordPress 5.3.16
5.3.13
Fixed in WordPress 5.3.16
5.3.12
Fixed in WordPress 5.3.16
5.3.11
Fixed in WordPress 5.3.16
5.3.10
Fixed in WordPress 5.3.16
5.3.9
Fixed in WordPress 5.3.16
5.3.8
Fixed in WordPress 5.3.16
5.3.7
Fixed in WordPress 5.3.16
5.3.6
Fixed in WordPress 5.3.16
5.3.5
Fixed in WordPress 5.3.16
5.3.4
Fixed in WordPress 5.3.16
5.3.3
Fixed in WordPress 5.3.16
5.3.2
Fixed in WordPress 5.3.16
5.3.1
Fixed in WordPress 5.3.16
5.3
Fixed in WordPress 5.3.16
5.2.18
Fixed in WordPress 5.2.19
5.2.17
Fixed in WordPress 5.2.19
5.2.16
Fixed in WordPress 5.2.19
5.2.15
Fixed in WordPress 5.2.19
5.2.14
Fixed in WordPress 5.2.19
5.2.13
Fixed in WordPress 5.2.19
5.2.12
Fixed in WordPress 5.2.19
5.2.11
Fixed in WordPress 5.2.19
5.2.10
Fixed in WordPress 5.2.19
5.2.9
Fixed in WordPress 5.2.19
5.2.8
Fixed in WordPress 5.2.19
5.2.7
Fixed in WordPress 5.2.19
5.2.6
Fixed in WordPress 5.2.19
5.2.5
Fixed in WordPress 5.2.19
5.2.4
Fixed in WordPress 5.2.19
5.2.3
Fixed in WordPress 5.2.19
5.2.2
Fixed in WordPress 5.2.19
5.2.1
Fixed in WordPress 5.2.19
5.2
Fixed in WordPress 5.2.19
5.1.16
Fixed in WordPress 5.1.17
5.1.15
Fixed in WordPress 5.1.17
5.1.14
Fixed in WordPress 5.1.17
5.1.13
Fixed in WordPress 5.1.17
5.1.12
Fixed in WordPress 5.1.17
5.1.11
Fixed in WordPress 5.1.17
5.1.10
Fixed in WordPress 5.1.17
5.1.9
Fixed in WordPress 5.1.17
5.1.8
Fixed in WordPress 5.1.17
5.1.7
Fixed in WordPress 5.1.17
5.1.6
Fixed in WordPress 5.1.17
5.1.5
Fixed in WordPress 5.1.17
5.1.4
Fixed in WordPress 5.1.17
5.1.3
Fixed in WordPress 5.1.17
5.1.2
Fixed in WordPress 5.1.17
5.1.1
Fixed in WordPress 5.1.17
5.1
Fixed in WordPress 5.1.17
5.0.19
Fixed in WordPress 5.0.20
5.0.18
Fixed in WordPress 5.0.20
5.0.17
Fixed in WordPress 5.0.20
5.0.16
Fixed in WordPress 5.0.20
5.0.15
Fixed in WordPress 5.0.20
5.0.14
Fixed in WordPress 5.0.20
5.0.13
Fixed in WordPress 5.0.20
5.0.12
Fixed in WordPress 5.0.20
5.0.11
Fixed in WordPress 5.0.20
5.0.10
Fixed in WordPress 5.0.20
5.0.9
Fixed in WordPress 5.0.20
5.0.8
Fixed in WordPress 5.0.20
5.0.7
Fixed in WordPress 5.0.20
5.0.6
Fixed in WordPress 5.0.20
5.0.5
Fixed in WordPress 5.0.20
5.0.4
Fixed in WordPress 5.0.20
5.0.3
Fixed in WordPress 5.0.20
5.0.2
Fixed in WordPress 5.0.20
5.0.1
Fixed in WordPress 5.0.20
5.0
Fixed in WordPress 5.0.20
4.9.23
Fixed in WordPress 4.9.24
4.9.22
Fixed in WordPress 4.9.24
4.9.21
Fixed in WordPress 4.9.24
4.9.20
Fixed in WordPress 4.9.24
4.9.19
Fixed in WordPress 4.9.24
4.9.18
Fixed in WordPress 4.9.24
4.9.17
Fixed in WordPress 4.9.24
4.9.16
Fixed in WordPress 4.9.24
4.9.15
Fixed in WordPress 4.9.24
4.9.14
Fixed in WordPress 4.9.24
4.9.13
Fixed in WordPress 4.9.24
4.9.12
Fixed in WordPress 4.9.24
4.9.11
Fixed in WordPress 4.9.24
4.9.10
Fixed in WordPress 4.9.24
4.9.9
Fixed in WordPress 4.9.24
4.9.8
Fixed in WordPress 4.9.24
4.9.7
Fixed in WordPress 4.9.24
4.9.6
Fixed in WordPress 4.9.24
4.9.5
Fixed in WordPress 4.9.24
4.9.4
Fixed in WordPress 4.9.24
4.9.3
Fixed in WordPress 4.9.24
4.9.2
Fixed in WordPress 4.9.24
4.9.1
Fixed in WordPress 4.9.24
4.9
Fixed in WordPress 4.9.24
4.8.22
Fixed in WordPress 4.8.23
4.8.21
Fixed in WordPress 4.8.23
4.8.20
Fixed in WordPress 4.8.23
4.8.19
Fixed in WordPress 4.8.23
4.8.18
Fixed in WordPress 4.8.23
4.8.17
Fixed in WordPress 4.8.23
4.8.16
Fixed in WordPress 4.8.23
4.8.15
Fixed in WordPress 4.8.23
4.8.14
Fixed in WordPress 4.8.23
4.8.13
Fixed in WordPress 4.8.23
4.8.12
Fixed in WordPress 4.8.23
4.8.11
Fixed in WordPress 4.8.23
4.8.10
Fixed in WordPress 4.8.23
4.8.9
Fixed in WordPress 4.8.23
4.8.8
Fixed in WordPress 4.8.23
4.8.7
Fixed in WordPress 4.8.23
4.8.6
Fixed in WordPress 4.8.23
4.8.5
Fixed in WordPress 4.8.23
4.8.4
Fixed in WordPress 4.8.23
4.8.3
Fixed in WordPress 4.8.23
4.8.2
Fixed in WordPress 4.8.23
4.8.1
Fixed in WordPress 4.8.23
4.8
Fixed in WordPress 4.8.23
4.7.26
Fixed in WordPress 4.7.27
4.7.25
Fixed in WordPress 4.7.27
4.7.24
Fixed in WordPress 4.7.27
4.7.23
Fixed in WordPress 4.7.27
4.7.22
Fixed in WordPress 4.7.27
4.7.21
Fixed in WordPress 4.7.27
4.7.20
Fixed in WordPress 4.7.27
4.7.19
Fixed in WordPress 4.7.27
4.7.18
Fixed in WordPress 4.7.27
4.7.17
Fixed in WordPress 4.7.27
4.7.16
Fixed in WordPress 4.7.27
4.7.15
Fixed in WordPress 4.7.27
4.7.14
Fixed in WordPress 4.7.27
4.7.13
Fixed in WordPress 4.7.27
4.7.12
Fixed in WordPress 4.7.27
4.7.11
Fixed in WordPress 4.7.27
4.7.10
Fixed in WordPress 4.7.27
4.7.9
Fixed in WordPress 4.7.27
4.7.8
Fixed in WordPress 4.7.27
4.7.7
Fixed in WordPress 4.7.27
4.7.6
Fixed in WordPress 4.7.27
4.7.5
Fixed in WordPress 4.7.27
4.7.4
Fixed in WordPress 4.7.27
4.7.3
Fixed in WordPress 4.7.27
4.7.2
Fixed in WordPress 4.7.27
4.7.1
Fixed in WordPress 4.7.27
4.7
Fixed in WordPress 4.7.27

References

URL
https://wordpress.org/news/2023/10/wordpress-6-3-2-maintenance-and-security-release/

Miscellaneous

Original Researcher
s5s, raouf_maklouf
Verified
No
WPVDB ID
6d80e09d-34d5-4fda-81cb-e703d0e56e4f

Timeline

Publicly Published
2023-10-12 (about 2 years ago)
Added
2023-10-13 (about 2 years ago)
Last Updated
2023-10-13 (about 2 years ago)

Other

Published
Title
Published
2024-06-20
Title
WishList Member X < 3.26.7 - Unauthenticated Denial of Service
Published
2019-12-23
Title
BuddyPress < 5.1.1 - Denial of Service
Published
2019-11-05
Title
Safe SVG <= 1.9.4 - Denial of Service
Published
2025-03-27
Title
Klarna Checkout for WooCommerce < 2.13.5 - DoS via Excessive Logging
Published
2022-08-22
Title
Better Messages < 1.9.10.58 - Subscriber+ Denial Of Service