CVE-2024-12579: 
WordPress vulnerability analysis and mitigation

The Minify HTML plugin for WordPress contains a Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2024-12579) affecting all versions up to and including 2.1.10. The vulnerability was discovered and disclosed on December 13, 2024, impacting the WordPress plugin's HTML minification functionality (NVD).

The vulnerability stems from the plugin's improper handling of user-supplied input as regular expressions, which can lead to catastrophic backtracking. The issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption) (NVD, Wordfence).

When exploited, this vulnerability allows unauthenticated attackers to create comments that can trigger catastrophic backtracking in the regular expression processing, potentially leading to broken pages and degraded server performance (NVD).

A fix has been implemented in the WordPress plugin repository, as evidenced by the changelog (WordPress Plugin). Users are advised to update their Minify HTML plugin to the latest version available.