Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2016-6896 — Path Traversal in WordPress
Severity
7.1 HIGH (NVD)
Other listed scores: NVD 6.5 / NVD 4.3 / OSV 4.3
EPSS
35.2% (top 2.95% of scored CVEs)
CISA KEV
Not in KEV
Exploit
PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jan 18 (OSV record dated 2017-01-18)
Latest update: May 17 (GHSA records dated 2022-05-17)
Description
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
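The description above points at the root cause: the client-supplied `plugin` parameter is used to build a file path under the plugin directory without the result being confined to that directory, so `..` sequences (or an absolute path such as `/dev/random`) reach arbitrary files. The Python below is an added illustration, not WordPress code (which is PHP) and not taken from any of the advisories linked on this page. It shows the naive join beside a contained-path check, and a request-body inspector that flags the `/dev/random` payload from the description. `PLUGIN_DIR`, the function names and the sample request bodies are invented for the example.

```python
import posixpath
import re
from typing import Optional
from urllib.parse import parse_qs

# Hypothetical plugin directory standing in for WordPress's WP_PLUGIN_DIR.
PLUGIN_DIR = "/var/www/html/wp-content/plugins"


def naive_plugin_path(plugin: str) -> str:
    """The traversable pattern: join the client-supplied value and trust it.

    A value of "../../../../../dev/random" resolves outside PLUGIN_DIR, and an
    absolute value is returned unchanged by posixpath.join.
    """
    return posixpath.join(PLUGIN_DIR, plugin)


def safe_plugin_path(plugin: str) -> Optional[str]:
    """Resolve the candidate path and require it to stay inside PLUGIN_DIR.

    `plugin` is assumed to be already URL-decoded (as $_POST values are).
    Returns the resolved path, or None when the value is empty, absolute,
    contains a NUL byte, escapes the directory, or is not shaped like a
    plugin main file ("slug/file.php" or "file.php").
    """
    if not plugin or plugin.startswith("/") or "\x00" in plugin:
        return None
    resolved = posixpath.normpath(posixpath.join(PLUGIN_DIR, plugin))
    # The trailing "/" stops a sibling such as ".../plugins-evil" from passing.
    if not resolved.startswith(PLUGIN_DIR + "/"):
        return None
    rel = resolved[len(PLUGIN_DIR) + 1:]
    if not re.fullmatch(r"[A-Za-z0-9_.-]+(?:/[A-Za-z0-9_.-]+)?\.php", rel):
        return None
    return resolved


def flag_update_plugin_body(body: str) -> Optional[str]:
    """Inspect an admin-ajax.php POST body as a WAF or request-body logger
    would, returning the offending `plugin` value, or None if it is clean.

    Only action=update-plugin is examined. The handler reads `plugin` from
    the POST body, so access logs that record only the URL never show it.
    """
    params = parse_qs(body, keep_blank_values=True)
    if params.get("action", [""])[0] != "update-plugin":
        return None
    plugin = params.get("plugin", [""])[0]
    return None if safe_plugin_path(plugin) else plugin


# Constructed request bodies for the demo (not captured traffic).
SAMPLE_BODIES = [
    "action=update-plugin&plugin=akismet%2Fakismet.php&_ajax_nonce=deadbeef",
    "action=update-plugin&plugin=..%2F..%2F..%2F..%2F..%2Fdev%2Frandom",
    "action=update-plugin&plugin=%2Fdev%2Frandom",
    "action=heartbeat&data=x",
]


def scan_bodies(bodies) -> list:
    """Return the flagged `plugin` values from a list of request bodies."""
    flagged = []
    for body in bodies:
        hit = flag_update_plugin_body(body)
        if hit is not None:
            flagged.append(hit)
    return flagged


if __name__ == "__main__":
    payload = "../../../../../dev/random"
    print("naive join resolves to:", posixpath.normpath(naive_plugin_path(payload)))
    print("safe check returns:", safe_plugin_path(payload))
    for body in SAMPLE_BODIES:
        print(f"{body!r} -> {flag_update_plugin_body(body)}")
```

The check deliberately normalises first and tests containment second, rather than rejecting any value containing `..`: a value such as `../plugins/hello.php` still resolves inside the directory and is accepted, while `akismet/../../wp-config.php` resolves outside it and is rejected. The PoC payload from the description is caught because the normalised path is `/dev/random`, not because of the literal dots.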
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Exploitability: 2.8 | Impact: 4.2
Affected packages: 3 packages
🔴 Vulnerability Details (6 entries; 4 shown)
- GHSA-rxch-vxwr-47jw: Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions… (GHSA, 2022-05-17)
- GHSA-3wwg-h2fr-3v7w: The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions… (GHSA, 2022-05-17)
- GHSA-7r4r-qf37-vqqq: Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions… (GHSA, 2022-05-17)
- CVE-2016-6896: Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions… (OSV, 2017-01-18)
💥 Exploits & PoCs (2 entries; not expanded on this page)
📋 Vendor Advisories (3)
- Debian, CVE-2016-6897: wordpress - Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin fun... (2016)
- Debian, CVE-2016-10148: wordpress - The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in Word... (2016)
- Debian, CVE-2016-6896: wordpress - Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-ad... (2016)