CVE-2024-13926
Published: 19 April 2025
Summary
CVE-2024-13926 is a high-severity Inefficient Regular Expression Complexity (CWE-1333) vulnerability in Connections-Pro Wp-Syntax. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application Exhaustion Flood (T1499.003). The CVE is ranked in the top 40.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54438
Vulnerability details
The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables Application Exhaustion Flood (T1499.003): multiple concurrent requests to a page containing the malicious payload trigger regex backtracking and exhaust CPU. It also maps to Application or System Exploitation for DoS (T1499.004), since the root cause is catastrophic backtracking in the plugin's regular expression processing.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.