Description

Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.

Remediation

References

CVE-2016-6896

Related Vulnerabilities

WordPress Plugin Data Tables Generator by Supsystic Cross-Site Scripting (1.10.0)

WordPress Plugin tcS3 Cross-Site Scripting (2.1.1)

WordPress Plugin cformsII 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities (13.1)

PHP Other Vulnerability (CVE-2016-4541)

WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3)

Severity

High

Classification

CVE-2016-6896 CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities