High severity7.1NVD Advisory· Published Jan 18, 2017· Updated Jun 17, 2026
CVE-2016-6896
CVE-2016-6896
Description
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:wordpress:wordpress:4.5.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wordpress:wordpress:4.5.3:*:*:*:*:*:*:*
- (no CPE)range: = 4.5.3
Patches
Vulnerability mechanics
References
5- sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.htmlnvdExploitTechnical DescriptionThird Party Advisory
- www.openwall.com/lists/oss-security/2016/08/20/1nvdMailing ListThird Party Advisory
- www.securitytracker.com/id/1036683nvd
- wpvulndb.com/vulnerabilities/8606nvd
- www.exploit-db.com/exploits/40288/nvd
News mentions
0No linked articles in our index yet.