Incapsula has discovered a DDoS attack that uses thousands of legitimate WordPress blogs without needing to compromise them. The attack makes use of a feature in the WordPress blogging platform called ‘pingback’, which allows the author of one blog to send a ‘ping’ to a post on another blog to notify the latter that it has been referenced. The pingback mechanism has been known to be a security risk for some time. The vulnerability (CVE-2013-0235) was fixed in WordPress 3.5.1 by applying some filtering on allowed URLs.
Source: https://thehackernews.com/2013/05/millions-of-wordpress-sites-exploitable.html