EPSS
Percentile
76.0%
Wordpress is vulnerable to directory traversal attacks. The library does not validate file names before attempting to unzip them, allowing a malicious user to pass a malformed path to traverse the application’s directory.
core.trac.wordpress.org/changeset/41457
wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/