Title: New 0-Day WordPress Exploit
Last modified: August 19, 2016

---

# New 0-Day WordPress Exploit

 *  1060893
 * [16 years, 7 months ago](https://wordpress.org/support/topic/new-0-day-wordpress-exploit/)
 * You can read more about it here. Is there any solution yet?
 * [http://jarraltech.com/2009/10/new-0-day-wordpress-exploit/](http://jarraltech.com/2009/10/new-0-day-wordpress-exploit/)

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [16 years, 7 months ago](https://wordpress.org/support/topic/new-0-day-wordpress-exploit/#post-1250114)
 * (Sips more coffee, makes skeptical noises.)
 * That’s not really a vulnerability in WordPress and here’s why: any DoS attack
   is background noise. Harmful background noise if it’s your server, but still 
   background noise.
 * Anyone can write a script and knock down any single server. It’s ~2 minutes of
   work to do if you type slowly. Apache2 comes with a great load tester that if
   you ramp up the threads and simultaneous requests, then BAM! unresponsive server.
 * Now a real vulnerability would be if flooding that WordPress file with info caused
   it to crash and execute arbitrary code that the attacker planned. Once an attacker
   can do that, you’ve got a real problem on your hands. The worm that went around
   hitting pre-2.8.4 code? Now that was a vulnerability.
 *  [nux](https://wordpress.org/support/users/nux/)
 * (@nux)
 * [16 years, 7 months ago](https://wordpress.org/support/topic/new-0-day-wordpress-exploit/#post-1250197)
 * I just wanted to mention that the jarraltech.com post is plagiarized from [http://www.stevefortuna.com/new-0-day-wordpress-exploit/](http://www.stevefortuna.com/new-0-day-wordpress-exploit/)
 * And I disagree. Some overlooked code in WordPress is the cause for being able
   to overload a server. While you may be able to flood the server with requests
   to slow it down/overload it, you can’t call a function that actually uses up 
   CPU and memory to overload it.
 * All it takes is a handful of requests to essentially shut down a server.
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [16 years, 7 months ago](https://wordpress.org/support/topic/new-0-day-wordpress-exploit/#post-1250203)
 * Well, it looks like it’s about to be addressed in the trunk.
 * See [http://core.trac.wordpress.org/ticket/10980](http://core.trac.wordpress.org/ticket/10980)
   for more info.
 * Edit: also see [http://core.trac.wordpress.org/changeset/12057](http://core.trac.wordpress.org/changeset/12057)

The topic ‘New 0-Day WordPress Exploit’ is closed to new replies.

## Tags

 * [DOS](https://wordpress.org/support/topic-tag/dos/)
 * [exploit](https://wordpress.org/support/topic-tag/exploit/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 3 participants
 * Last reply from: [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * Last activity: [16 years, 7 months ago](https://wordpress.org/support/topic/new-0-day-wordpress-exploit/#post-1250203)
 * Status: not resolved

