Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2016-6897

Published: 18/01/2017 Updated: 03/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Wordpress

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress prior to 4.6 allows remote malicious users to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

Vendor Advisories

Debian CVElist Bug Report Logs: wordpress: CVE-2016-6896 CVE-2016-6897
Debian Bug report logs - #837090 wordpress: CVE-2016-6896 CVE-2016-6897 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 8 Sep 2016 17:39:02 UTC Severity: grave Tags: security, upstream Found in version wordpres ...

Exploits

Exploit DB: WordPress 4.5.3 - Directory Traversal / Denial of Service
Path traversal vulnerability in WordPress Core Ajax handlers Abstract A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API This issue can (potentially) be used by an authenticated user (Subscriber) to create a denial of service condition of an affected WordPress site Contact For feedback or questions a ...

References

CWE-352https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.htmlhttps://github.com/WordPress/WordPress/commit/8c82515ab62b88fb32d01c9778f0204b296f3568http://www.openwall.com/lists/oss-security/2016/08/20/1http://www.securityfocus.com/bid/92572https://wpvulndb.com/vulnerabilities/8606http://www.securitytracker.com/id/1036683https://www.exploit-db.com/exploits/40288/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837090https://nvd.nist.govhttps://www.exploit-db.com/exploits/40288/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook