Description
WordPress is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input data. Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks or to cause the affected website to consume resources, thus denying service to legitimate users. WordPress version 4.5.3 is vulnerable.
Remediation
Update to WordPress version 4.6 or latest
References
https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
https://www.exploit-db.com/exploits/40288/
https://packetstormsecurity.com/files/138457/WordPress-4.5.3-Core-Ajax-Handlers-Path-Traversal.html
Related Vulnerabilities
WordPress Plugin WordPress Facebook SQL Injection (1.0.13)
OpenSSL Improper Certificate Validation Vulnerability (CVE-2023-0465)
Drupal Core 7.x Arbitrary File Overwrite (7.0 - 7.77)
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2018-20506)
ownCloud Improper Input Validation Vulnerability (CVE-2012-5336)