PT-2012-2964 · WordPress+1 · Wordpress+1

Jonathan Claudius · Published 2012-01-30 · Updated 2024-08-06 · CVE-2012-0937

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

WordPress versions 3.3.1 and earlier

Description

The issue allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter. This is possible because the installation component in WordPress does not limit the number of MySQL queries sent to external MySQL database servers. The vendor disputes the significance of this issue, citing that an incomplete WordPress installation might be present on the network for only a short time.

Recommendations

For WordPress versions 3.3.1 and earlier, consider restricting access to the wp-admin/setup-config.php installation component to minimize the risk of exploitation. As a temporary workaround, limit the number of MySQL queries sent to external MySQL database servers until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
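
One way to watch for this abuse while an unfinished installation is still reachable, as an added example that is not part of the original advisory or of WordPress: the script scans web server access logs (combined log format is assumed) for clients that send repeated POST requests to wp-admin/setup-config.php. The function names, the threshold, the time window and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# client, timestamp, method and request target from a combined-format log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3}')
INSTALLER = "/wp-admin/setup-config.php"  # component named in the advisory


def find_setup_config_abuse(lines, max_posts=5, window=timedelta(seconds=60)):
    """Return {client: peak POST count} for clients that exceed max_posts
    installer submissions inside one sliding window (values are assumptions)."""
    recent = defaultdict(deque)  # client -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, ts, method, target = m.groups()
        path = target.split("?", 1)[0]
        # Only form submissions to the installer can trigger a database connection.
        if method != "POST" or not path.endswith(INSTALLER):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[client]
        q.append(when)
        while when - q[0] > window:
            q.popleft()  # drop submissions older than the window
        if len(q) > max_posts:
            flagged[client] = max(flagged.get(client, 0), len(q))
    return flagged


def constructed_sample():
    """Constructed log lines: one noisy client, one ordinary install, one bad line."""
    fmt = '{ip} - - [30/Jan/2012:10:00:{s:02d} +0000] "{m} {p} HTTP/1.1" 200 512'
    lines = [fmt.format(ip="198.51.100.7", s=s, m="POST", p=INSTALLER + "?step=2")
             for s in range(8)]
    lines.append(fmt.format(ip="203.0.113.20", s=10, m="GET", p=INSTALLER))
    lines.append(fmt.format(ip="203.0.113.20", s=20, m="POST", p=INSTALLER + "?step=2"))
    lines.append("not a log line")
    return lines


if __name__ == "__main__":
    for client, count in find_setup_config_abuse(constructed_sample()).items():
        print(f"{client}: {count} installer POSTs within 60s")
```

A completed installation should see no POSTs to this path at all, so on production sites any hit is worth a look and the threshold can be set to zero.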

Related Identifiers

CVE-2012-0937

Affected Products

Debian
Wordpress