Description
WordPress is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input data. Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks or to cause the affected website to consume resources, thus denying service to legitimate users. WordPress version 4.5.3 is vulnerable.
Remediation
Update to WordPress version 4.6 or latest
References
https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
https://www.exploit-db.com/exploits/40288/
https://packetstormsecurity.com/files/138457/WordPress-4.5.3-Core-Ajax-Handlers-Path-Traversal.html
Related Vulnerabilities
WordPress Plugin 3D Tag Cloud Cross-Site Request Forgery (3.8)
Oracle Database Server CVE-2013-5858 Vulnerability (CVE-2013-5858)
Dolibarr Missing Authorization Vulnerability (CVE-2018-10092)
MySQL CVE-2014-2435 Vulnerability (CVE-2014-2435)
Cherokee NULL Pointer Dereference Vulnerability (CVE-2020-12845)