Wordpress » Wordpress » 3.4.0 : Security Vulnerabilities, CVEs, (Directory traversal) CVSS score >= 1
CVE-2019-8943
Public exploit
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
Max CVSS
6.5
EPSS Score
95.88%
Published
2019-02-20
Updated
2021-02-23
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.
Max CVSS
6.1
EPSS Score
0.33%
Published
2023-05-17
Updated
2023-06-21
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges.
Max CVSS
8.8
EPSS Score
82.32%
Published
2018-06-26
Updated
2021-11-05
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Max CVSS
7.5
EPSS Score
0.47%
Published
2017-09-23
Updated
2017-11-10
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.
Max CVSS
6.5
EPSS Score
0.21%
Published
2017-01-05
Updated
2017-11-04
5 vulnerabilities found