{"vulnerability": "cve-2018-6389", "sightings": [{"uuid": "c96c6958-556c-49e9-8be6-e0e486fe10b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/codeby_sec/1344", "content": "#pentest #vulnerability \nCVE-2018-6389 - Wordpress DOS", "creation_timestamp": "2018-04-09T06:36:01.000000Z"}, {"uuid": "e7aa46c4-3354-463f-a81c-84edac948fab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/D4RKW0R1D/6418", "content": "FROM INTERNET\n\n1)CVE-2018-6389 exploitation - using scripts loader\nhttps://hackerone.com/reports/925425\n\n2)No DMARC record at cordacon.com\nhttps://hackerone.com/reports/1125143\n\n3)Fortinet FortiWeb OS Command Injection\nhttps://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/\n\n4)How I found read/write access to the personal data of 3 million users of an E-commerce website?\nhttps://medium.com/@psr595bro/how-i-found-read-write-access-to-the-personal-data-of-3-million-users-of-an-e-commerce-website-b9026b0d4bd3\n\n5)Secure Coding Handbook\nhttps://vladtoie.gitbook.io/secure-coding/\n\n6)Top 10 Kubernetes Application Security Hardening Techniques\nhttps://blog.aquasec.com/kubernetes-hardening-techniques?utm_campaign=General%20website&utm_medium=email&_hsmi=150580512&_hsenc=p2ANqtz-97I89xNVbSDmrI-6_skudpuKla-2JD0OyfIGrOQjOzHaPHKFNH-yb-vsMmjcOxUtBSOj__vlDRyYYlEdqvzg1Ujdc01w&utm_content=150580512&utm_source=hs_email\n\n7)Vulnerability Assessment I A Complete Guide\nhttps://www.hackerone.com/blog/vulnerability-assessment-i-complete-guide\n\n8)Breaking into Cybersecurity Successfully.pdf\nhttps://github.com/iamthefrogy/FYI/blob/main/Material/Breaking%20into%20Cybersecurity%20Successfully.pdf", "creation_timestamp": "2021-08-19T06:22:02.000000Z"}, {"uuid": "608eb5a5-7b68-4ca0-8a58-77855fca3ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/spammermarketool/39118", "content": "\ud83d\udd25 Best HQ Wordpress Exploit AiO Package \u2764\ufe0f\n\n\u2757\ufe0f NOTED : Not for Sale !!! \n\nMaybe you hard find exploit wordpress and this our channel want gift something special to everyone\nfor support our channel exploit must working with python I recommend python3 and python2 \ninstalled both in machine because tools some different coder and exploit will be needed different version 2.7 and 3\n\n\n\u26a0\ufe0f I am Not Responsible for Any Damage \u26a0\ufe0f\n\nCVE-2014-7969\nCVE-2014-9473\nCVE-2015-6522\nCVE-2016-10033\nCVE-2018-6389\nCVE-2019-20361-EXPLOIT\nCVE-2019-8942-RCE\nCVE-2020-11738\nCVE-2020-12800\nCVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE\nCVE-2021-24762\nCVE-2021-25094-tatsu-preauth-rce\nWordpress-Plugin-Spritz-RFI\nWORDPRESS-Revslider-Exploit-0DAY\nWordpress-scanner\nWordPress_4.9.8_RCE_POC\nWP-augmented-reality-RCE\nWP-Content-Injection-Exploit\nwp-file-manager-CVE-2020-25213\nwp-gravity-form-exploit\nwp-plugin-amministrazione-aperta-LFI\nWP-SMTP-0DAY\n\nDownload Here : https://t.me/hackingtoolsprvi8/2377", "creation_timestamp": "2022-06-20T19:53:12.000000Z"}, {"uuid": "04c6b02a-7563-4778-9640-b30fe4d3fa1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/spammerspacer/33792", "content": "\ud83d\udd25 Best HQ Wordpress Exploit AiO Package \u2764\ufe0f\n\n\u2757\ufe0f NOTED : Not for Sale !!! \n\nMaybe you hard find exploit wordpress and this our channel want gift something special to everyone\nfor support our channel exploit must working with python I recommend python3 and python2 \ninstalled both in machine because tools some different coder and exploit will be needed different version 2.7 and 3\n\n\n\u26a0\ufe0f I am Not Responsible for Any Damage \u26a0\ufe0f\n\nCVE-2014-7969\nCVE-2014-9473\nCVE-2015-6522\nCVE-2016-10033\nCVE-2018-6389\nCVE-2019-20361-EXPLOIT\nCVE-2019-8942-RCE\nCVE-2020-11738\nCVE-2020-12800\nCVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE\nCVE-2021-24762\nCVE-2021-25094-tatsu-preauth-rce\nWordpress-Plugin-Spritz-RFI\nWORDPRESS-Revslider-Exploit-0DAY\nWordpress-scanner\nWordPress_4.9.8_RCE_POC\nWP-augmented-reality-RCE\nWP-Content-Injection-Exploit\nwp-file-manager-CVE-2020-25213\nwp-gravity-form-exploit\nwp-plugin-amministrazione-aperta-LFI\nWP-SMTP-0DAY\n\nDownload Here : https://t.me/hackingtoolsprvi8/2377", "creation_timestamp": "2022-06-20T19:53:12.000000Z"}, {"uuid": "c6e6aa15-8ef9-4c4d-b875-6ed3d1397102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/ctinow/20503", "content": "Maker Ecosystem Growth Holdings, Inc: DoS of https://ift.tt/2ilfTkR via CVE-2018-6389\n\nhttps://ift.tt/39IbsIS", "creation_timestamp": "2020-02-18T19:22:25.000000Z"}, {"uuid": "532896dd-baa1-4f76-9d5d-a0d829387c9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/ctinow/95558", "content": "U.S. Dept Of Defense: DoS at \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588 (CVE-2018-6389)\n\nhttps://ift.tt/P6flUKv", "creation_timestamp": "2023-02-24T22:06:49.000000Z"}, {"uuid": "3807f380-093c-4e2a-94e8-3630de5ec4d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/19162", "content": "Ian Dunn: Dos https://iandunn.name/ via CVE-2018-6389 exploitation\n\nhttps://ift.tt/39RUzfA", "creation_timestamp": "2020-01-09T03:42:39.000000Z"}, {"uuid": "82bc97a0-39a2-4e9e-8d26-2ae9f638f7e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/arpsyndicate/1873", "content": "#ExploitObserverAlert\n\nCVE-2018-6389\n\nDESCRIPTION: Exploit Observer has 111 entries related to CVE-2018-6389. In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.\n\nFIRST-EPSS: 0.408310000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-18T00:42:09.000000Z"}, {"uuid": "8eb2d19c-3ea9-4bc7-b832-6c2623a97d42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "Telegram/dt3wzguPwvHeMGbS-iOOUe43Y1n6HJwkKjrvq5BX_wYbkhfe", "content": "", "creation_timestamp": "2022-08-25T16:41:15.000000Z"}, {"uuid": "797cea27-e452-4548-9896-389a8953ba71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/ctinow/184474", "content": "https://ift.tt/aKxsNc9\nPublitas: CVE-2018-6389 exploitation - using scripts loader", "creation_timestamp": "2024-02-14T08:51:19.000000Z"}, {"uuid": "7a6615ce-9d15-47dd-a7a7-5610731623a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "exploited", "source": "https://t.me/canyoupwnme/3262", "content": "How to DoS 29% of the World Wide Websites - CVE-2018-6389\nhttps://baraktawily.blogspot.com.tr/2018/02/how-to-dos-29-of-world-wide-websites.html", "creation_timestamp": "2018-02-14T09:33:59.000000Z"}, {"uuid": "b371e0bd-7d4e-4e67-9106-f220bd47869b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/3636", "content": "DoS of https://nordvpn(.)com/ via CVE-2018-6389 exploitation\nhttps://hackerone.com/reports/752010", "creation_timestamp": "2020-01-08T15:00:20.000000Z"}, {"uuid": "7e6ff4a1-c9e1-4245-a1a1-e51ff5bd4220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/hackingtoolsprvi8/2727", "content": "\ud83d\udd25 Best HQ Wordpress Exploit AiO Package \u2764\ufe0f\n\n\u2757\ufe0f NOTED : Not for Sale !!! \n\nMaybe you hard find exploit wordpress and this our channel want gift something special to everyone\nfor support our channel exploit must working with python I recommend python3 and python2 \ninstalled both in machine because tools some different coder and exploit will be needed different version 2.7 and 3\n\n\n\u26a0\ufe0f I am Not Responsible for Any Damage \u26a0\ufe0f\n\nCVE-2014-7969\nCVE-2014-9473\nCVE-2015-6522\nCVE-2016-10033\nCVE-2018-6389\nCVE-2019-20361-EXPLOIT\nCVE-2019-8942-RCE\nCVE-2020-11738\nCVE-2020-12800\nCVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE\nCVE-2021-24762\nCVE-2021-25094-tatsu-preauth-rce\nWordpress-Plugin-Spritz-RFI\nWORDPRESS-Revslider-Exploit-0DAY\nWordpress-scanner\nWordPress_4.9.8_RCE_POC\nWP-augmented-reality-RCE\nWP-Content-Injection-Exploit\nwp-file-manager-CVE-2020-25213\nwp-gravity-form-exploit\nwp-plugin-amministrazione-aperta-LFI\nWP-SMTP-0DAY\n\nDownload Here : https://t.me/hackingtoolsprvi8/2377", "creation_timestamp": "2022-08-25T16:41:15.000000Z"}, {"uuid": "6f78fee3-b951-4f4d-a98e-064406cc95ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "MISP/86d5e729-7eed-4d44-8dd6-a0944e5371e5", "content": "", "creation_timestamp": "2024-11-14T06:08:22.000000Z"}, {"uuid": "237ca0ee-d0c6-4c5a-ba9a-30f9d183beee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/ctinow/101392", "content": "U.S. Dept Of Defense: DoS at \u2588\u2588\u2588\u2588\u2588(CVE-2018-6389)\n\nhttps://ift.tt/w12JF0G", "creation_timestamp": "2023-03-24T20:36:45.000000Z"}, {"uuid": "3ee849ad-c0ef-45f8-93ae-c4c8edc05ae9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/openSource3/151", "content": "CVE ID : CVE-2018-6389\nSystem : WordPress 4.9.2\nType : DOS\n\nExploit \n\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0628\u0641\u062f\u064a\u0648 :\nVideo", "creation_timestamp": "2024-06-02T07:46:18.000000Z"}, {"uuid": "5bec636b-8902-4be6-8109-53ca3dd5abb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/LeakingXTeam/20993", "content": "\ud83d\udd25 Best HQ Wordpress Exploit AiO Package \u2764\ufe0f\n\n\u2757\ufe0f NOTED : Not for Sale !!! \n\nMaybe you hard find exploit wordpress and this our channel want gift something special to everyone\nfor support our channel exploit must working with python I recommend python3 and python2 \ninstalled both in machine because tools some different coder and exploit will be needed different version 2.7 and 3\n\n\n\u26a0\ufe0f I am Not Responsible for Any Damage \u26a0\ufe0f\n\nCVE-2014-7969\nCVE-2014-9473\nCVE-2015-6522\nCVE-2016-10033\nCVE-2018-6389\nCVE-2019-20361-EXPLOIT\nCVE-2019-8942-RCE\nCVE-2020-11738\nCVE-2020-12800\nCVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE\nCVE-2021-24762\nCVE-2021-25094-tatsu-preauth-rce\nWordpress-Plugin-Spritz-RFI\nWORDPRESS-Revslider-Exploit-0DAY\nWordpress-scanner\nWordPress_4.9.8_RCE_POC\nWP-augmented-reality-RCE\nWP-Content-Injection-Exploit\nwp-file-manager-CVE-2020-25213\nwp-gravity-form-exploit\nwp-plugin-amministrazione-aperta-LFI\nWP-SMTP-0DAY\n\nDownload Here : https://t.me/hackingtoolsprvi8/2377", "creation_timestamp": "2022-06-20T19:53:12.000000Z"}, {"uuid": "e2a11053-b77b-4424-80a4-764d04e42b86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/3397", "content": "700$ Denial of Service(DoS) vulnerability in script-loader.php (CVE-2018-6389)\nhttps://www.pankajinfosec.com/post/700-denial-of-service-dos-vulnerability-in-script-loader-php-cve-2018-6389", "creation_timestamp": "2019-11-21T11:20:46.000000Z"}, {"uuid": "7a203446-e5c2-4b09-b6ed-dac11384c89a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/55", "content": "#exploit\n1. CVE-2018-5758:\nXXE in Jive-n 0-day\nhttps://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2018-5758\n\n2. CVE-2018-1335:\nCommand Injection in Apache Tika-server\nhttps://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2018-1335\n\n3. CVE-2018-6389:\nApache RewriteRule to mitigate potential DoS attack via Wordpress wp-admin/load-scripts.php file\nhttps://github.com/yolabingo/wordpress-fix-cve-2018-6389\n\n4. CVE-2018-12613:\nWordpress plugin Site-Editor v1.1.1 - LFI\nhttps://github.com/0x00-0x00/CVE-2018-7422", "creation_timestamp": "2024-06-22T09:28:36.000000Z"}, {"uuid": "6e47d1bf-112c-4d60-b5bc-9766807a637e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "Telegram/d8wD4nyiI6OV0OXzhOtZYCLbRAqpkWgPekubzfScCoXm1wI", "content": "", "creation_timestamp": "2025-11-13T15:00:08.000000Z"}, {"uuid": "99525db4-da5d-4d87-bdbe-68c6202203a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/ctinow/33097", "content": "Sifchain: Possibility of DoS attack at https://ift.tt/33ljPcB via CVE-2018-6389 exploitation\n\nhttps://ift.tt/2R5YkcK", "creation_timestamp": "2021-05-07T18:52:28.000000Z"}, {"uuid": "96b66edc-9149-4000-85d6-cc5c619057a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/107174", "content": "Fastly VDP: CVE-2018-6389 exploitation - using scripts loader\n\nhttps://ift.tt/IAGEomv", "creation_timestamp": "2023-04-20T22:06:39.000000Z"}, {"uuid": "93d2f64e-6975-4934-a57e-f67a35b562df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "Telegram/qA7RHbfeiqXzFaQFtQDWHegpUj17EgvuINx_Fz9sXMRGmneY", "content": "", "creation_timestamp": "2022-06-20T20:34:58.000000Z"}, {"uuid": "338fe254-873e-4708-85db-8b11d5d7115d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/D4RKW0R1D/557", "content": "FROM INTERNET\n\n1)CVE-2018-6389 exploitation - using scripts loader\nhttps://hackerone.com/reports/925425\n\n2)No DMARC record at cordacon.com\nhttps://hackerone.com/reports/1125143\n\n3)Fortinet FortiWeb OS Command Injection\nhttps://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/\n\n4)How I found read/write access to the personal data of 3 million users of an E-commerce website?\nhttps://medium.com/@psr595bro/how-i-found-read-write-access-to-the-personal-data-of-3-million-users-of-an-e-commerce-website-b9026b0d4bd3\n\n5)Secure Coding Handbook\nhttps://vladtoie.gitbook.io/secure-coding/\n\n6)Top 10 Kubernetes Application Security Hardening Techniques\nhttps://blog.aquasec.com/kubernetes-hardening-techniques?utm_campaign=General%20website&utm_medium=email&_hsmi=150580512&_hsenc=p2ANqtz-97I89xNVbSDmrI-6_skudpuKla-2JD0OyfIGrOQjOzHaPHKFNH-yb-vsMmjcOxUtBSOj__vlDRyYYlEdqvzg1Ujdc01w&utm_content=150580512&utm_source=hs_email\n\n7)Vulnerability Assessment I A Complete Guide\nhttps://www.hackerone.com/blog/vulnerability-assessment-i-complete-guide\n\n8)Breaking into Cybersecurity Successfully.pdf\nhttps://github.com/iamthefrogy/FYI/blob/main/Material/Breaking%20into%20Cybersecurity%20Successfully.pdf", "creation_timestamp": "2021-08-19T08:21:59.000000Z"}]}