CVE-2011-4957
EPSS 2.8%Published: 6/27/2012Modified: 5/27/2026
Description
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
Affected packages (1)
- Debian/wordpressfrom 0, < 3.2.1+dfsg-1