WordPress Admin API Directory Traversal (CVE-2016-6896)

August 29, 2016 007admin Leave a comment

A directory traversal vulnerability has been reported in WordPress. This vulnerability is due to incorrect validation of a user supplied path for directory traversal characters. An authenticated user with subscriber privileges could exploit this vulnerability by sending specially crafted requests to the Admin API. Successful exploitation results in a Denial of Service condition.

007 Software

WordPress Admin API Directory Traversal (CVE-2016-6896)

Leave a Reply Cancel reply

Software and Security Information