WordPress: Security Vulnerabilities Published in 2017 (Directory Traversal)
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
Max Base Score | 7.5 |
Published | 2017-09-23 |
Updated | 2017-11-10 |
EPSS | 0.30% |
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Max Base Score | 7.5 |
Published | 2017-09-23 |
Updated | 2017-11-10 |
EPSS | 0.47% |
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.
Max Base Score | 6.5 |
Published | 2017-01-05 |
Updated | 2017-11-04 |
EPSS | 0.21% |
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
Max Base Score | 7.1 |
Published | 2017-01-18 |
Updated | 2017-09-03 |
EPSS | 32.65% |
4 vulnerabilities found