For your WordPress protection, be informed about the latest WordPress Core vulnerability IS STILL UNPATCHED since it’s first official report January 29, 2018 or it’s official disclosure date: Monday, February 5, 2018. All versions of WordPress starting with the latest 4.9.4 and below have the Application Denial of Service (DoS) type vulnerability.
Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. Limited resources include:
- File system storage
- Database connection pool entries
If an attacker can trigger the allocation of these limited resources, but the number or size of the resources is not controlled, then the attacker could cause a denial of service that consumes all available resources. This would prevent valid users from accessing the WordPress website, and it could potentially have an impact on the surrounding hosting environment. For example, a memory exhaustion attack against an application could slow down the application as well as its host operating system.