Vulnerabilities
By Date By Type Known Exploited Assigners CVSS Scores EPSS Scores Search
Vulnerable Software
Vendors Products Version Search
Metasploit Modules CWE Definitions
Articles Blog

Wordpress » Wordpress : Security Vulnerabilities Published In 2017 (Denial of service)

Published in:
2017 January   February   March   April   May   June   July   August   September   October   November   December  
CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9
In CISA KEV Catalog
Copy

CVE-2016-6896

Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
Max Base Score
7.1
Published 2017-01-18
Updated 2017-09-03
EPSS 32.65%
1 vulnerabilities found
This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close