WP-Syntax <= 1.2 – Author+ Potential ReDoS | CVE 2024-13926

Description

The plugin does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS.

Proof of Concept

1. Generate the payload (for example with str_repeat('<pre lang="php">', 20000) in PHP)
2. As an author, publish a new post containing the payload
3. Monitor CPU usage and load average of server
4. Trigger 20 concurrent requests to the page containing the payload

Each request uses 100 % of a CPU core for a couple of seconds (depending on CPU power). This was reproduced on an Intel i7 2.80GHz CPU.

Script and payload available at:
https://gist.github.com/Rudloff/9d8e016a76b57ce7cee25447a4e1e0a8