CVE-2013-2173
wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.
Date published : 2013-06-21
http://archives.neohapsis.com/archives/bugtraq/2013-06/0052.html