The Minify HTML plugin for WordPress is vulnerable to...
Moderate severity
Unreviewed
Published
Dec 13, 2024
to the GitHub Advisory Database
•
Updated Dec 13, 2024
Description
Published by the National Vulnerability Database
Dec 13, 2024
Published to the GitHub Advisory Database
Dec 13, 2024
Last updated
Dec 13, 2024
The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages.
References