Wordpress » Wordpress » 3.3.1 : Security Vulnerabilities, CVEs, Published In 2017 (Directory traversal)
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Max CVSS
7.5
EPSS Score
0.47%
Published
2017-09-23
Updated
2017-11-10
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.
Max CVSS
6.5
EPSS Score
0.21%
Published
2017-01-05
Updated
2017-11-04
2 vulnerabilities found