CVE-2024-12579

{"id": "CVE-2024-12579", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-12-13T05:15:07.473", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3203890/minify-html-markup", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80334e81-c33d-464c-9409-f49c34681890?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages."}, {"lang": "es", "value": "El complemento Minify HTML para WordPress es vulnerable a la denegaci\u00f3n de servicio por expresi\u00f3n regular (ReDoS) en todas las versiones hasta la 2.1.10 incluida. Esto se debe al procesamiento de la entrada proporcionada por el usuario como una expresi\u00f3n regular. Esto hace posible que atacantes no autenticados creen comentarios que pueden causar retrocesos catastr\u00f3ficos y romper p\u00e1ginas."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security@wordfence.com"}