WordPress Admin API Directory Traversal (CVE-2016-6896)

A directory traversal vulnerability has been reported in WordPress. This vulnerability is due to incorrect validation of a user supplied path for directory traversal characters. An authenticated user with subscriber privileges could exploit this vulnerability by sending specially crafted requests to the Admin API. Successful exploitation results in a Denial of Service condition.

Leave a Reply