{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-12579", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-12-12T15:59:19.104Z", "datePublished": "2024-12-13T04:23:26.470Z", "dateUpdated": "2026-04-08T17:03:31.587Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:03:31.587Z"}, "affected": [{"vendor": "teckel", "product": "Minify HTML", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.1.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages."}], "title": "Minify HTML <= 2.1.10 - - Regular Expressions Denial of Service", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80334e81-c33d-464c-9409-f49c34681890?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3203890/minify-html-markup"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption", "cweId": "CWE-400", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Pierre Rudloff"}], "timeline": [{"time": "2024-12-12T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-16T15:59:44.192412Z", "id": "CVE-2024-12579", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-16T16:42:12.138Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12579", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-16T15:59:44.192412Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-16T15:59:45.507Z"}}], "cna": {"title": "Minify HTML <= 2.1.10 - - Regular Expressions Denial of Service", "credits": [{"lang": "en", "type": "finder", "value": "Pierre Rudloff"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "teckel", "product": "Minify HTML", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.1.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-12-12T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80334e81-c33d-464c-9409-f49c34681890?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3203890/minify-html-markup"}], "descriptions": [{"lang": "en", "value": "The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-12-13T04:23:26.470Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12579", "state": "PUBLISHED", "dateUpdated": "2024-12-16T16:42:12.138Z", "dateReserved": "2024-12-12T15:59:19.104Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-12-13T04:23:26.470Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages."}, {"lang": "es", "value": "El complemento Minify HTML para WordPress es vulnerable a la denegaci\u00f3n de servicio por expresi\u00f3n regular (ReDoS) en todas las versiones hasta la 2.1.10 incluida. Esto se debe al procesamiento de la entrada proporcionada por el usuario como una expresi\u00f3n regular. Esto hace posible que atacantes no autenticados creen comentarios que pueden causar retrocesos catastr\u00f3ficos y romper p\u00e1ginas."}], "id": "CVE-2024-12579", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-12-13T05:15:07.473", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3203890/minify-html-markup"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80334e81-c33d-464c-9409-f49c34681890?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"created": "2025-07-12T22:01:13.256932+00:00", "updated": "2025-07-12T22:01:13.257011+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}