Lucene search
RyanWPVDB-ID:42AB2BD9-BBB1-4F25-A632-1811C5130BB4HistoryJun 27, 2018 - 12:00 a.m.
WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
2018-06-2700:00:00
Ryan
wpscan.com
19
0.535 Medium
EPSS
Percentile
97.6%
This can lead to code execution if the wp-config.php file is deleted, forcing WordPress to start the installation process. Can be exploited by any user who is able to edit uploaded media.
References
blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
Related
veracode
veracode
Arbitrary File Deletion
2018-06-27 05:49:00
openvas
openvas
WordPress Arbitrary File Deletion Vulnerability (Jun 2018) - Windows
2018-06-27 00:00:00
WordPress Arbitrary File Deletion Vulnerability (Jun 2018) - Linux
2018-06-27 00:00:00
Fedora Update for wordpress FEDORA-2018-8fc2cb8cb0
2018-07-15 00:00:00
zdt
zdt
Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) Exploit
2021-10-25 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: wordpress-4.9.7-1.fc27
2018-07-14 23:36:51
[SECURITY] Fedora 28 Update: wordpress-4.9.7-1.fc28
2018-07-15 03:34:16
[SECURITY] Fedora 28 Update: wordpress-5.1.1-1.fc28
2019-03-21 21:09:38
ubuntucve
ubuntucve
CVE-2018-12895
2018-06-26 00:00:00
osv
osv
wordpress - security update
2018-07-18 00:00:00
CVE-2018-12895
2018-06-26 20:29:00
wordpress - security update
2018-07-30 00:00:00
cve
cve
CVE-2018-12895
2018-06-26 20:29:00
debiancve
debiancve
CVE-2018-12895
2018-06-26 20:29:00
nvd
nvd
CVE-2018-12895
2018-06-26 20:29:00
packetstorm
packetstorm
WordPress 4.9.6 Arbitrary File Deletion
2021-10-25 00:00:00
debian
debian
[SECURITY] [DSA 4250-1] wordpress security update
2018-07-18 07:47:25
[SECURITY] [DSA 4250-1] wordpress security update
2018-07-18 07:47:25
[SECURITY] [DLA 1452-1] wordpress security update
2018-07-30 00:19:27
nessus
nessus
Debian DSA-4250-1 : wordpress - security update
2018-07-20 00:00:00
Fedora 28 : wordpress (2018-623df1e98d)
2019-01-03 00:00:00
Fedora 27 : wordpress (2018-8fc2cb8cb0)
2018-07-24 00:00:00
cvelist
cvelist
CVE-2018-12895
2018-06-26 20:00:00
patchstack
patchstack
WordPress <=4.9.6 - Arbitrary Code Execution vulnerability
2018-06-27 00:00:00
prion
prion
Directory traversal
2018-06-26 20:29:00
exploitdb
exploitdb
Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)
2021-10-25 00:00:00