In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service by using the large list of registered .js files to construct a series of requests to load every file many times.