WordPress Plugin Vulnerabilities

WP-GeSHi-Highlight <= 1.4.3 - Author+ ReDoS

Description

The plugin processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to Regular Expression Denial of Service (ReDoS) issue

Proof of Concept

Affects Plugins

Plugin icon
wp-geshi-highlight
No known fix

References

CVE
CVE-2024-13896

Miscellaneous

Original Researcher
Pierre Rudloff
Submitter
Pierre Rudloff
Verified
Yes
WPVDB ID
b8b622ea-e090-45ad-8755-b050fc055231

Timeline

Publicly Published
2025-03-20 (about 9 months ago)
Added
2025-03-20 (about 9 months ago)
Last Updated
2025-03-20 (about 9 months ago)

Other

Published
Title
Published
2016-06-21
Title
WordPress 4.5.2 - oEmbed Denial of Service (DoS)
Published
2021-12-06
Title
Stars Rating < 3.5.1 - Comments Denial of Service
Published
2018-02-05
Title
WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
Published
2022-12-09
Title
Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure
Published
2024-12-12
Title
Minify HTML < 2.1.11 - - Regular Expressions Denial of Service