virus logo Client Application Firewall

WordPress.xmlrpc.php.wp.getUsersBlogs.Brute.Force

description-logoDescription

This indicates an attack attempt against a Brute Force attack vulnerability in WordPress.
The vulnerability is caused by insufficient sanitizing of http requests for wp.getUsersBlogs calls. It allows a remote attacker to gain admin password on vulnerable systems by using brute force attack.

affected-products-logoAffected Products

WordPress all version

Impact logoImpact

Information Disclosure: Remote attacker can gain sensitive information on vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

References

https://isc.sans.edu/diary/+WordPress+brute+force+attack+via+wp.getUsersBlogs/18427
ID 38970
Created Sep 09, 2014
Updated Jun 27, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App PHP_app
Profile Type Anomaly