Regular Expression Denial of Service Vulnerability in Minify HTML Plugin for WordPress
CVE-2024-12579
5.3MEDIUM
Summary
The Minify HTML plugin for WordPress exhibits a vulnerability that allows for a Regular Expression Denial of Service (ReDoS) attack. This issue arises from the way user-supplied input is processed within regular expressions, potentially leading to catastrophic backtracking during comment submissions. This exploitation can result in significant disruption to website functionality. Attackers can leverage this vulnerability to overload the server, leading to performance degradation or complete service outages, particularly affecting sites running versions up to and including 2.1.10 of the plugin.
Affected Version(s)
Minify HTML * <= 2.1.10
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Pierre Rudloff