Description
The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.