Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.1
CVSSv3

CVE-2016-6896

Published: 18/01/2017 Updated: 03/09/2017
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 7.1 | Impact Score: 4.2 | Exploitability Score: 2.8
VMScore: 635
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
Subscribe to Wordpress

Vulnerability Summary

Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress 4.5.3

Vendor Advisories

Debian CVElist Bug Report Logs: wordpress: CVE-2016-6896 CVE-2016-6897
Debian Bug report logs - #837090 wordpress: CVE-2016-6896 CVE-2016-6897 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 8 Sep 2016 17:39:02 UTC Severity: grave Tags: security, upstream Found in version wordpres ...

Exploits

Exploit DB: WordPress 4.5.3 - Directory Traversal / Denial of Service
Path traversal vulnerability in WordPress Core Ajax handlers Abstract A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API This issue can (potentially) be used by an authenticated user (Subscriber) to create a denial of service condition of an affected WordPress site Contact For feedback or questions a ...
Exploit DB: WordPress Traversal Directory DoS
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actionsphp in WordPress before 46 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a relate ...
Exploit DB: WordPress Traversal Directory DoS
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actionsphp in WordPress before 46 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a relate ...

Metasploit Modules

WordPress Traversal Directory DoS

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.

msf > use auxiliary/dos/http/wordpress_directory_traversal_dos
msf auxiliary(wordpress_directory_traversal_dos) > show actions
    ...actions...
msf auxiliary(wordpress_directory_traversal_dos) > set ACTION < action-name >
msf auxiliary(wordpress_directory_traversal_dos) > show options
    ...show and set options...
msf auxiliary(wordpress_directory_traversal_dos) > run
WordPress Traversal Directory DoS

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.

msf > use auxiliary/dos/http/wordpress_directory_traversal_dos
msf auxiliary(wordpress_directory_traversal_dos) > show actions
    ...actions...
msf auxiliary(wordpress_directory_traversal_dos) > set ACTION < action-name >
msf auxiliary(wordpress_directory_traversal_dos) > show options
    ...show and set options...
msf auxiliary(wordpress_directory_traversal_dos) > run

References

CWE-22https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.htmlhttp://www.openwall.com/lists/oss-security/2016/08/20/1https://wpvulndb.com/vulnerabilities/8606http://www.securitytracker.com/id/1036683https://www.exploit-db.com/exploits/40288/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837090https://nvd.nist.govhttps://www.exploit-db.com/exploits/40288/https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_directory_traversal_dos
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook