WordPress v4.5.3 vulnerable to Denial of Service (DoS) exploits via CVE-2016-6896 and CVE-2016-6897 – Here’s how to fix it
If your website runs on WordPress v4.5.3, attackers can now bring down your site through a Denial of Service attack. This is possible through two vulnerabilities that were disclosed on 22nd Aug:
- CVE-2016-6897 – This is a Cross-Site Request Forgery vulnerability by which an attacker can take over an authenticated user’s session (privilege escalation) using a forged HTML page.
- CVE-2016-6896 – This is a Directory Traversal vulnerability which can be used by an attacker to crash the web server.