Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2018-12895 — Path Traversal in Wordpress
Severity
8.8HIGHNVD
EPSS
89.0%
top 0.47%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJun 26
Latest updateMay 13
Description
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages3 packages
Also affects: Debian Linux 8.0, 9.0
🔴Vulnerability Details
2💥Exploits & PoCs
2📋Vendor Advisories
1Debian▶
CVE-2018-12895: wordpress - WordPress through 4.9.6 allows Author users to execute arbitrary code by leverag...↗2018
💬Community
3Bugzilla▶
CVE-2018-12895 wordpress: Author users can execute arbitrary code by leveraging directory traversal on the wp-admin/post.php thumb parameter [epel-all]↗2018-06-27
Bugzilla▶
CVE-2018-12895 wordpress: Author users can execute arbitrary code by leveraging directory traversal on the wp-admin/post.php thumb parameter [fedora-all]↗2018-06-27
Bugzilla▶
CVE-2018-12895 wordpress: Author users can execute arbitrary code by leveraging directory traversal on the wp-admin/post.php thumb parameter↗2018-06-27