Versions of WordPress 4.5.x prior to 4.6 are affected by multiple vulnerabilities:
- A path traversal vulnerability exists in the WordPress Admin API in the ‘wp_ajax_update_plugin()’ function in ‘ajax-actions.php’ due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition. (CVE-2016-6896)
- A cross-site request forgery vulnerability (CSRF/XSRF) exists in the ‘admin-ajax.php’ script due to a failure to require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to perform arbitrary AJAX updates. (CVE-2016-6897)
- An information disclosure vulnerability exists in the ‘wp_ajax_update_plugin()’ function in the ‘ajax-actions.php’ script due to performing a call to ‘get_plugin_data()’ before checking capabilities. An authenticated, remote attacker can exploit this to bypass intended read-access restrictions, resulting in a disclosure of sensitive information. (CVE-2016-10148)
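
The three root causes above (no unique token, capability checked after the read, unsanitized path) correspond to three checks whose order matters in any admin AJAX handler. The following is an added example, not WordPress core code or the 4.6 patch; the action name `example_plugin_info`, the nonce action `example-plugin-info` and the function name are hypothetical.

```php
<?php
// Added example: a hypothetical plugin-info AJAX handler, not WordPress core code.
// 'example_plugin_info' and 'example-plugin-info' are assumed names.
add_action( 'wp_ajax_example_plugin_info', 'example_ajax_plugin_info' );

function example_ajax_plugin_info() {
    // 1. CSRF: require a unique token before doing anything else.
    //    check_ajax_referer() ends the request if the nonce is missing or invalid.
    check_ajax_referer( 'example-plugin-info' );

    // 2. Authorization: check the capability before touching the filesystem,
    //    so a user without it never triggers a file read.
    if ( ! current_user_can( 'update_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    if ( empty( $_POST['plugin'] ) || ! is_string( $_POST['plugin'] ) ) {
        wp_send_json_error( array( 'message' => 'No plugin specified.' ), 400 );
    }

    // 3. Path traversal: normalise the value, then reject '..' segments and
    //    drive-letter paths. validate_file() returns 0 only for a safe relative path.
    $plugin = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) );
    if ( 0 !== validate_file( $plugin ) ) {
        wp_send_json_error( array( 'message' => 'Invalid plugin path.' ), 400 );
    }

    // Defence in depth: the resolved path must be a regular file that is
    // still inside the plugins directory after symlinks are followed.
    $base = realpath( WP_PLUGIN_DIR );
    $path = realpath( WP_PLUGIN_DIR . '/' . $plugin );
    if ( false === $base || false === $path
        || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR )
        || ! is_file( $path ) ) {
        wp_send_json_error( array( 'message' => 'Plugin not found.' ), 404 );
    }

    // 4. Only now read the plugin header, and return the minimum needed.
    $data = get_plugin_data( $path, false, false );
    wp_send_json_success( array(
        'name'    => $data['Name'],
        'version' => $data['Version'],
    ) );
}
```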