PT-2025-15917 · WordPress · Wp-Geshi-Highlight

Pierre Rudloff

·

Published

2025-04-10

·

Updated

2025-04-10

·

CVE-2024-13896

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: WP-GeSHi-Highlight versions 1.4.3 and earlier
Description: The WP-GeSHi-Highlight WordPress plugin processes user-supplied input as a regular expression in the wp_geshi_filter_replace_code() function, which can lead to a Regular Expression Denial of Service (ReDoS). The plugin does not adequately validate or sanitize this input, so an attacker can supply a crafted pattern that forces the regular expression engine into excessive backtracking, consuming CPU for a single request and denying service to the site. The CVSS vector (PR:L, C:N/I:N/A:H) reflects an attack by a low-privileged authenticated user whose only impact is on availability.
Recommendations: For WP-GeSHi-Highlight versions 1.4.3 and earlier, consider disabling the wp_geshi_filter_replace_code() function (or the plugin as a whole) until a patch is available. Restrict the plugin's syntax highlighting feature to trusted users to reduce the exposure, and do not let the plugin process untrusted input until the issue is resolved. At the time of publication there is no information about a newer version that contains a fix for this vulnerability.
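The following Python example is added here for illustration; it is not code from the advisory or from the WP-GeSHi-Highlight plugin. It shows the defect class the description names and the input-validation mitigation the recommendations call for: a user-controlled language identifier is either compiled directly as a pattern (the vulnerable path) or checked against an allowlist and escaped so that the regex engine only ever sees a literal token (the hardened path). The function names, the allowlist policy and the sample inputs are assumptions made for this example, not the plugin's own.

```python
import re
import time

# Constructed sample inputs for this example; they are not taken from the plugin.
BENIGN_LANG = "php"
SAMPLE_CONTENT = "<pre lang=\"php\">echo 'hi';</pre>"
# A crafted identifier with nested quantifiers: harmless as a string, but
# catastrophic once compiled as a pattern and run against near-matching text
# (every "a" can be split between the inner and outer repeat, and the final
# "!" makes the trailing "$" fail, so the engine tries every split).
CRAFTED_LANG = r"(a+)+$"
CRAFTED_CONTENT = "a" * 18 + "!"


def vulnerable_replace(lang, content):
    """Hypothetical code mirroring the defect class in the advisory: the
    user-controlled value is compiled as a regular expression and run against
    content the same user controls."""
    return re.sub(lang, "", content)


# Assumed allowlist for this example: a highlighter language name is a short
# token of lowercase letters, digits and a few punctuation characters.
# Anything else is rejected before it can reach the regex engine.
LANG_TOKEN = re.compile(r"[a-z0-9][a-z0-9_+.\-]{0,31}")


def hardened_replace(lang, content):
    """Validate the identifier against the allowlist, then escape it so the
    engine matches a literal string rather than user-supplied syntax."""
    if not LANG_TOKEN.fullmatch(lang):
        raise ValueError(f"rejected language identifier: {lang!r}")
    return re.sub(re.escape(lang), "", content)


def compiles_as_regex(lang):
    """True if the raw identifier is accepted by the regex compiler at all.
    Even a benign name such as 'c++' is not valid pattern syntax, which is a
    second reason user input must never be treated as a pattern."""
    try:
        re.compile(lang)
    except re.error:
        return False
    return True


def timed(fn, *args):
    """Run fn and return (result, seconds). A ValueError raised by the
    hardened path is returned as the result so the rejection is visible."""
    t0 = time.perf_counter()
    try:
        result = fn(*args)
    except ValueError as exc:
        result = exc
    return result, time.perf_counter() - t0


if __name__ == "__main__":
    # The vulnerable path burns CPU on the crafted input; the hardened path
    # rejects it immediately. CRAFTED_CONTENT is kept short so this finishes
    # quickly; every extra "a" roughly doubles the vulnerable path's work.
    for name, fn in (("vulnerable", vulnerable_replace), ("hardened", hardened_replace)):
        result, secs = timed(fn, CRAFTED_LANG, CRAFTED_CONTENT)
        print(f"{name:10s} {secs:8.3f}s -> {result!r}")
```

The allowlist check is the part that matters: escaping alone would stop the crafted pattern, but an allowlist also rejects identifiers the highlighter would never recognise, which keeps garbage out of later processing stages. Lengthening CRAFTED_CONTENT shows how the vulnerable path's run time grows exponentially with the input while the hardened path stays constant.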

Exploit

DoS

Weakness Enumeration

Related Identifiers

CVE-2024-13896

Affected Products

Wp-Geshi-Highlight