WordPress VIP and the CVE-2018-6389 DoS Flaw

This notice relates to the following platforms: WordPress.com VIP, VIP Go

CVE-2018-6389, a potential Denial of Service (DoS) flaw, was announced last week. VIP sites are not currently at risk from this attack.

As described, the vulnerability takes advantage of WordPress’ built-in script loader, which concatenates internal JavaScript files into a single payload for use on the Login screen and the Dashboard. A large number of concurrent requests to the script loader could cause a DoS due to the increase in I/O operations and bandwidth usage.

At VIP, our standard practices are designed to detect and mitigate these very types of attacks without making specialized changes to code outside of core. Our security team’s active monitoring approach is the strongest and most sustainable line of defense against potential threats like these.
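One way to detect the request pattern described above from web server access logs, added here as an example and not VIP's own tooling: it tracks, per client, how many script-loader requests and how many bytes were served inside a sliding window. The loader paths are those shipped in WordPress core; the combined log format, the thresholds and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumptions (not from the notice): combined log format, chronological input,
# and thresholds that must be tuned to each site's normal dashboard traffic.
LOADER_PATHS = ("/wp-admin/load-scripts.php", "/wp-admin/load-styles.php")
WINDOW = timedelta(seconds=10)
MAX_REQUESTS = 20          # loader hits per client per window
MAX_BYTES = 5_000_000      # loader bytes served per client per window

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} (\d+|-)')

def parse_line(line):
    """Return (ip, time, bytes_sent) for a script-loader request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, target, size = m.groups()
    if not urlsplit(target).path.endswith(LOADER_PATHS):
        return None
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, 0 if size == "-" else int(size)

def find_loader_floods(lines):
    """Map client IP -> set of tripped limits ('requests', 'bytes')."""
    recent = defaultdict(deque)   # ip -> (time, bytes) entries inside WINDOW
    findings = defaultdict(set)
    for line in lines:
        hit = parse_line(line)
        if hit is None:
            continue
        ip, when, size = hit
        q = recent[ip]
        q.append((when, size))
        while when - q[0][0] > WINDOW:   # drop entries older than the window
            q.popleft()
        if len(q) > MAX_REQUESTS:
            findings[ip].add("requests")
        if sum(b for _, b in q) > MAX_BYTES:
            findings[ip].add("bytes")
    return dict(findings)

# Constructed sample: 25 loader hits in 5 s from one client, one from another.
SAMPLE = [f'203.0.113.7 - - [05/Feb/2018:10:00:{i // 5:02d} +0000] '
          f'"GET /wp-admin/load-scripts.php?c=1 HTTP/1.1" 200 250000' for i in range(25)]
SAMPLE.append('198.51.100.4 - - [05/Feb/2018:10:00:03 +0000] '
              '"GET /wp-admin/load-scripts.php?c=1 HTTP/1.1" 200 90000')
```

Calling `find_loader_floods(SAMPLE)` flags only the first client, on both limits. The same counters can feed a rate limit at the edge instead of an alert.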

If you have concerns or further questions about this vulnerability or anything else, please let us know.