Ubuntu.comUB:CVE-2016-6896CVE-2016-6896
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
0.327 Low
EPSS
Percentile
97.0%
Directory traversal vulnerability in the wp_ajax_update_plugin function in
wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote
authenticated users to cause a denial of service or read certain text files
via a … (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as
demonstrated by /dev/random read operations that deplete the entropy pool.
Related
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
0.327 Low
EPSS
Percentile
97.0%