CVE-2018-6389

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.9.3

Description The issue allows unauthenticated attackers to cause a denial of service by consuming resources. This can be achieved by constructing a series of requests to load a large number of registered .js files multiple times. There have been reports of this issue being exploited, including a denial of service attack on nordvpn.com.

Recommendations For WordPress versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the script-loader.php file to minimize the risk of exploitation.