There is a DoS vulnerability in all WP installations. It is hidden in the load-scripts.php and load-styles.php files. Their purpose is to combine scripts and styles in the administration to load the admin faster.
You can ask them to combine a huge amount of files, the result will be a huge load and it may kill your webserver.
There is an unofficial patch or you can limit the size of requests for load scripts:
Question is: Do you still need it in the age of HTTP/2?