Regular Expression Denial of Service Vulnerability in Minify HTML Plugin for WordPress
CVE-2024-12579
5.3MEDIUM
What is CVE-2024-12579?
The Minify HTML plugin for WordPress exhibits a vulnerability that allows for a Regular Expression Denial of Service (ReDoS) attack. This issue arises from the way user-supplied input is processed within regular expressions, potentially leading to catastrophic backtracking during comment submissions. This exploitation can result in significant disruption to website functionality. Attackers can leverage this vulnerability to overload the server, leading to performance degradation or complete service outages, particularly affecting sites running versions up to and including 2.1.10 of the plugin.
Affected Version(s)
Minify HTML * <= 2.1.10