CVE-2016-6896

Published: 18 January 2017

Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.

Priority

Medium

CVSS 3 base score: 7.1

Status

Package    Release                           Status
wordpress  (Launchpad, Ubuntu, Debian)
           Upstream                          Needs triage
           Ubuntu 20.10 (Groovy Gorilla)     Not vulnerable (4.6.1+dfsg-1)
           Ubuntu 20.04 LTS (Focal Fossa)    Not vulnerable (4.6.1+dfsg-1)
           Ubuntu 18.04 LTS (Bionic Beaver)  Not vulnerable (4.6.1+dfsg-1)
           Ubuntu 16.04 LTS (Xenial Xerus)   Needed
           Ubuntu 14.04 ESM (Trusty Tahr)    Does not exist (trusty was needed)