Description
WordPress is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input data. Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks or to cause the affected website to consume resources, thus denying service to legitimate users. WordPress version 4.5.3 is vulnerable.
Remediation
Update to WordPress version 4.6 or latest
References
https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
https://www.exploit-db.com/exploits/40288/
https://packetstormsecurity.com/files/138457/WordPress-4.5.3-Core-Ajax-Handlers-Path-Traversal.html
Related Vulnerabilities
Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.7)
WordPress Plugin PDF Embedder Security Bypass (4.4)
WordPress Plugin Backend Localization Multiple Cross-Site Scripting Vulnerabilities (1.6.1)
WordPress 6.3.x Multiple Vulnerabilities (6.3 - 6.3.4)
Envoy Proxy Missing Authentication for Critical Function Vulnerability (CVE-2022-29226)