Intrusion Prevention

WordPress.xmlrpc.php.wp.getUsersBlogs.Brute.Force

Description

This indicates an attack attempt against a Brute Force attack vulnerability in WordPress.
The vulnerability is caused by insufficient sanitizing of http requests for wp.getUsersBlogs calls. It allows a remote attacker to gain admin password on vulnerable systems by using brute force attack.

Affected Products

WordPress all version

Impact

Information Disclosure: Remote attacker can gain sensitive information on vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

https://isc.sans.edu/diary/+WordPress+brute+force+attack+via+wp.getUsersBlogs/18427

ID	38970
Created	Sep 09, 2014
Updated	Nov 03, 2015
Risk
CVE ID
Default Action	drop
Active
Affected OS	Windows, Linux
Affected App	PHP_app