Published: 05/01/2017 Updated: 04/11/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 6.3 | Impact Score: 3.4 | Exploitability Score: 2.8

VMScore: 580

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress prior to 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress

Debian Bug report logs - #837090 wordpress: CVE-2016-6896 CVE-2016-6897 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 8 Sep 2016 17:39:02 UTC Severity: grave Tags: security, upstream Found in version wordpres ...

Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, cross-site request forgery, path traversal, or bypass restrictions For the stable distribution (jessie), these problems have been fixed in version 41+dfsg-1+deb8u10 We recommend that you upg ...

A path traversal vulnerability has been discovered in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team ...

CWE-22 https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e https://codex.wordpress.org/Version_4.6.1 http://www.securityfocus.com/bid/92841 https://wpvulndb.com/vulnerabilities/8616 http://www.debian.org/security/2016/dsa-3681 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837090 https://www.debian.org/security/./dsa-3681

CVE-2016-7169

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect