Medium severity4.3NVD Advisory· Published Jan 18, 2017· Updated May 13, 2026

CVE-2016-10148

Description

The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.

Affected products

WordPress/WordPress
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Range: <=4.5.5
Package: https://wordpress.org/plugins/wordpress

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

core.trac.wordpress.org/changeset/38168nvdIssue TrackingPatch
www.openwall.com/lists/oss-security/2016/08/20/1nvdMailing ListThird Party Advisory
sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.htmlnvdTechnical DescriptionThird Party Advisory
core.trac.wordpress.org/ticket/37490nvdIssue Tracking
www.securityfocus.com/bid/96847nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000