CVE-2016-6896

Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:wordpress:wordpress:4.5.3:*:*:*:*:*:*:*

Information

Published : 2017-01-18 13:59

Updated : 2017-09-02 18:29


NVD link : CVE-2016-6896

Mitre link : CVE-2016-6896


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

wordpress

  • wordpress